naver-blog-research
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (
naver_search.py,naver_read.py, andnaver_download_images.py) to perform web scraping and file management tasks. - [DATA_EXFILTRATION]: The skill initiates network requests to retrieve data from Naver. It implements a security control in
scripts/_naver_http.pyusing theis_naver_urlfunction, which validates that all requests are restricted to specific Naver domains (.naver.com,.naver.net,.pstatic.net), effectively preventing data exfiltration to unauthorized external domains. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from external blog posts which may contain malicious instructions.
- Ingestion points:
naver_search.py(search snippets) andnaver_read.py(blog body text) ingest external data into the agent's context. - Boundary markers: Absent; the skill does not wrap the external content in protective delimiters or provide explicit instructions for the agent to ignore embedded commands.
- Capability inventory: The skill possesses the capability to write files to the local disk (
naver_download_images.py) and perform network operations. - Sanitization: The scripts use regular expressions (
TAG_RE) to strip HTML tags, but do not filter or validate the actual text content for potential prompt injection patterns. - [SAFE]: The image downloader script includes robust protection against path traversal. It uses
os.path.realpathto verify that the target download path resides within the intended output directory, preventing the skill from writing files to sensitive system locations.
Audit Metadata