news-extractor
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded Twitter Bearer Token found in scripts/crawlers/twitter_client.py.
- [CREDENTIALS_UNSAFE]: Multiple crawler scripts (scripts/crawlers/wechat.py, scripts/crawlers/toutiao.py, scripts/crawlers/lenny.py, scripts/crawlers/naver.py) contain hardcoded session cookies. These credentials might represent active sessions or authorized access tokens, posing a risk of credential exposure or misuse.
- [PROMPT_INJECTION]: Large vulnerability surface for indirect prompt injection. 1. Ingestion points: Content is fetched from 12 external news platforms via crawler scripts like wechat.py and twitter.py. 2. Boundary markers: No delimiters or ignore-embedded-instruction warnings are present in the output generated for the agent. 3. Capability inventory: The skill has permissions to perform network requests and write structured data or markdown files to the local file system. 4. Sanitization: The skill lacks sanitization mechanisms to prevent the agent from executing instructions hidden within the extracted news content.
Audit Metadata