court-sms
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches judicial documents from multiple official platforms, including the National Court Unified Delivery Platform (zxfw.court.gov.cn), Guangdong Court Electronic Delivery (sd.gdems.com), and the Hubei Electronic Delivery Platform (dzsd.hbfy.gov.cn).
- [COMMAND_EXECUTION]: Shell commands (curl) and browser automation (Playwright) are used to perform document downloads. These commands are executed using parameters like global identification numbers (qdbh) and delivery numbers (sdbh) extracted from user-provided URLs. The skill also references the execution of a Node.js script (scripts/download_court_docs.mjs) for automated handling.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted text from SMS messages and extracts content from court-issued PDF documents.
- Ingestion points: User-supplied SMS text and the text layer of downloaded PDF files (e.g., subpoenas, judgments).
- Boundary markers: The skill relies on structured regex patterns defined in 'references/sms-patterns.json' to constrain its parsing logic.
- Capability inventory: Includes the ability to execute subprocesses (curl, node), perform file system writes (archiving documents), and conduct network requests.
- Sanitization: Implements filename sanitization to remove illegal characters before archiving files.
- [CREDENTIALS_UNSAFE]: The instructions direct the agent to extract user credentials (accounts and passwords) from plain-text SMS messages for the Hubei platform's account-mode login. While this is a functional requirement for the task, it involves the handling of raw secrets within the agent's context.
Audit Metadata