hot-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill aggregates titles and content snippets from external sources including Bing, Google, HackerNews, Bilibili, and Twitter. This creates a surface for indirect prompt injection, as malicious actors could place specific instructions in web content that the AI might inadvertently follow when performing the 'Authenticity' and 'Relevance' assessments described in the analysis guide.
  - Ingestion points: Data is fetched from the web via `scripts/search_web.py`, `scripts/search_china.py`, and `scripts/search_twitter.py`.
  - Boundary markers: The skill presents search results in a structured format (JSON/Markdown), but lacks explicit instructions to the AI to ignore instructions found within the retrieved data.
  - Capability inventory: The skill utilizes network access via the Python `requests` library to fetch data.
  - Sanitization: The scripts use BeautifulSoup for HTML parsing and perform some regex-based tag stripping, but they do not filter the semantic content of the text before presenting it to the AI.
- [COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts (`search_web.py`, `search_china.py`, etc.) using user-provided keywords as command-line arguments. While these scripts use standard argument parsing, this pattern allows the agent to trigger subprocesses.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to multiple external domains and search providers. It specifically utilizes `twitterapi.io` for Twitter data, which is a third-party API service. These downloads are functional requirements for the skill's purpose.
Audit Metadata