douban-sync
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes untrusted data from Douban RSS feeds and HTML pages.
  - Ingestion points: scripts/douban-rss-sync.mjs (RSS feed content), scripts/douban-scraper.mjs (HTML content), and scripts/douban-browser-scraper.mjs (DOM elements).
  - Boundary markers: Not present in the resulting CSV files.
  - Capability inventory: The skill has filesystem write access (fs.writeFileSync, fs.appendFileSync) and performs network requests (https.get, fetch).
  - Sanitization: Implements csvEscape to ensure valid CSV formatting (escaping quotes, commas, and newlines), which mitigates structural data injection but does not filter content for downstream LLM instructions.
- Dynamic Execution (SAFE): scripts/douban-browser-scraper.mjs uses dynamic code evaluation to bridge logic into a browser context.
  - Evidence: Uses new Function() to wrap scraping logic before passing it to page.evaluate via Puppeteer.
  - Analysis: The script strings (parseScript, parseGameScript) are hardcoded constants within the source code. No user-controlled or external input is used to generate the executed scripts, eliminating the risk of arbitrary code injection.
- Privilege Escalation & Persistence (SAFE): No attempts to acquire elevated permissions or establish persistence were found. While the documentation suggests setting up a cron job, the skill itself does not modify system configuration or schedule tasks.
Audit Metadata