Skills
skills/hwj123hwj/custom-skills/media-analyze/Gen Agent Trust Hub

media-analyze

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl commands to interact with the Tavily search API to retrieve data.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from multiple external sources, including Tavily, Toutiao, WeChat, Weibo, and Bing CN, to compile analysis reports.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted data from various third-party web platforms.
  • Ingestion points: External search results and scraped content from social media platforms (Toutiao, WeChat, Weibo, Bing).
  • Boundary markers: None. There are no explicit delimiters or instructions to the agent to treat fetched data as untrusted content.
  • Capability inventory: Network operations via curl and HTTP requests, and the ability to generate structured report files.
  • Sanitization: The instructions mention desensitizing sensitive information, but there is no technical validation or sanitization to prevent embedded instructions in the fetched content from influencing the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 04:01 PM