media-analyze
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `curl` to interact with the Tavily API and various search engines (Toutiao, Sogou, Weibo, Bing). While these are standard operations for a search tool, they involve subprocess execution.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it aggregates data from untrusted external sources into a structured report.
  - Ingestion points: Data is retrieved from the Tavily API and via HTTP requests to Toutiao, WeChat (Sogou), Weibo, and Bing CN.
  - Boundary markers: The skill does not define clear delimiters or instructions to ignore embedded commands when processing or integrating the retrieved search results into the final report.
  - Capability inventory: The skill has the capability to execute shell commands via `curl` and can spawn sub-agents for parallel searching as described in Step 2.
  - Sanitization: While the instructions mention "sensitive information desensitization" and source attribution, there is no evidence of specific prompt sanitization or escaping of the external content to prevent it from influencing the agent's logic.
Audit Metadata