dailyhot-api
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the
dailyhot-apipackage from the public NPM registry during its initialization phase inscripts/ensure_running.sh. - [COMMAND_EXECUTION]: The skill executes various shell commands to manage a background service, including
npm install,node,kill, and network utility commands (ss,netstat,curl) to ensure the local API service is operational. - [REMOTE_CODE_EXECUTION]: By downloading and then executing the entry point of a third-party NPM package (
node_modules/dailyhot-api/dist/index.js), the skill performs execution of external software not directly provided within the skill's source files. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it aggregates headlines and hot search titles from over 40 external platforms (such as Weibo, Douyin, and Zhihu) and provides them to the agent context.
- Ingestion points: External platform data enters the context via
scripts/collect_trends.py, which fetches JSON data from the locally deployed service. - Boundary markers: Absent; the fetched content is passed directly as a structured JSON object or string to the agent.
- Capability inventory: The skill has capabilities for shell command execution and local background process management.
- Sanitization: No sanitization or filtering of external content is performed to prevent malicious instructions embedded in trending headlines from influencing the agent's behavior.
Audit Metadata