capital-market-topic-scout
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's data retrieval scripts fetch JSON content from
https://newsnow.busiyi.world/api/s. This external domain is not associated with a trusted vendor or well-known service provider, posing a supply-chain risk for the data being processed. - [PROMPT_INJECTION]: There is a documented surface for indirect prompt injection (Category 8) because the skill ingests headlines from external news platforms and presents them to the LLM for analysis without protective delimiters.
- Ingestion points: News titles are retrieved by
scripts/fetch_newsnow_topics.pyandscripts/fetch_hot_topics.pyfrom external platform APIs. - Boundary markers: The prompts defined in
SKILL.mddo not utilize boundary markers or explicit instructions to treat the ingested news titles as data rather than instructions. - Capability inventory: The skill includes scripts capable of network communication (
requests) and local file persistence (json.dump), which could be leveraged if an injection is successful. - Sanitization: The skill does not implement any filtering or sanitization of the news titles before they are included in the prompt context.
- [DATA_EXFILTRATION]: The skill initiates network requests to external domains (
newsnow.busiyi.world,weibo.com,zhihu.com) that are not on the designated safe list, which is characteristic of potential data exposure vectors.
Audit Metadata