google-trends
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/run.pyutilizessubprocess.runto automate the creation of a Python virtual environment and execute the core logic inscripts/trends.py. - [EXTERNAL_DOWNLOADS]: The skill's setup process in
scripts/run.pyinstalls thetrendspygpackage and its dependencies directly from the Python Package Index (PyPI). - [COMMAND_EXECUTION]: The
scripts/trends.pyfile uses Selenium to automate a headless Chrome browser, which involves launching a subprocess to interact withtrends.google.com. - [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection as it processes external search trend data.
- Ingestion points: Data is ingested via
fetch_rssandfetch_csvinscripts/trends.py. - Boundary markers: No explicit boundary markers or 'ignore' instructions are used when presenting external trends to the agent.
- Capability inventory: The skill environment allows for subprocess execution and network requests.
- Sanitization: Data is parsed into structured JSON format but does not undergo specific content filtering for potential instructions embedded in trend names.
Audit Metadata