crawl-xueqiu-user-timeline

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/check-cdp.sh uses pkill -f "Google Chrome" and pkill -9 to forcibly terminate existing browser processes. This is an invasive operation that can lead to data loss in unrelated user browser sessions.
  • [EXTERNAL_DOWNLOADS]: The setup script scripts/check-agent-browser.sh installs the agent-browser package globally (npm install -g) from a remote registry. While it uses a well-known mirror, global installation of third-party tools increases the system's attack surface.
  • [COMMAND_EXECUTION]: The main Python script scripts/crawl_xueqiu_user_timeline_api.py uses subprocess.run to execute CLI commands and evaluates dynamic JavaScript strings within the browser context via the agent-browser tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it scrapes untrusted user-generated content from Xueqiu and explicitly recommends subsequent AI analysis of this data.
      • Ingestion points: scripts/crawl_xueqiu_user_timeline_api.py fetches post content, user descriptions, and interaction data from xueqiu.com.
      • Boundary markers: Absent. Scraped data is saved directly to Markdown without delimiters or instructions for the AI to ignore embedded commands.
      • Capability inventory: The skill possesses the ability to execute subprocesses, evaluate browser-side JavaScript, and write files to the local system.
      • Sanitization: The script performs basic HTML tag removal and entity replacement, which is insufficient to prevent instructions embedded in text from influencing a downstream LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 11:53 AM