china-news-crawler
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): Hardcoded sensitive session credentials detected in the crawler for Toutiao.\n
- File:
scripts/crawlers/toutiao.py\n - Evidence: The constant
FIXED_COOKIEis populated with a long, active authentication cookie string containing multiple session tokens (passport_auth_status_ss,ssid_ucp_sso_v1,ttwid, etc.). This can allow unauthorized access to the account used during development.\n- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted news content from external websites.\n - Ingestion points: Fetches arbitrary HTML content from user-provided URLs in
extract_news.pyand various crawler modules.\n - Boundary markers: Absent. The output Markdown and JSON files do not use delimiters or provide instructions for the agent to ignore embedded instructions within the news content.\n
- Capability inventory: The skill has file-writing capabilities (via
scripts/extract_news.pyandBaseNewsCrawler.save_as_json) and performs network requests.\n - Sanitization: Absent. The parsing logic uses
parselto extract specific tags but does not filter the text content for malicious prompt injection patterns targeting the LLM.
Recommendations
- AI detected serious security threats
Audit Metadata