ai-topic-scout
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs several third-party packages and CLI tools from NPM and PyPI, including mcporter, @steipete/bird, and yt-dlp. It also uses a custom tool called clawhub (a resource associated with the vendor) to install additional dependencies like dingtalk-ai-table and youtube-watcher.
- [COMMAND_EXECUTION]: The workflow relies on executing multiple system commands and scripts, such as yt-dlp for video metadata extraction, bird for Twitter scraping, and a Python script from a dependency for fetching transcripts (get_transcript.py).
- [CREDENTIALS_UNSAFE]: The setup instructions require the user to manually extract and store sensitive Twitter authentication cookies (auth_token and ct0) in a local configuration file (~/.config/bird/config.json5) or pass them as CLI arguments. This handling of session tokens could lead to credential exposure if the local environment is not properly secured.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted external content (YouTube transcripts and Twitter tweets) to generate summaries, aggregate topics, and provide analysis suggestions.
- Ingestion points: YouTube transcripts and Twitter user tweets fetched during the hourly scraping process as described in SKILL.md.
- Boundary markers: The workflow does not specify the use of clear delimiters or instructions to ignore embedded commands within the fetched external content before passing it to the model.
- Capability inventory: The agent can write records to DingTalk AI Tables (via mcporter) and perform web searches for background information based on the analyzed topics.
- Sanitization: No explicit sanitization or filtering logic is mentioned for the raw scraped text prior to its inclusion in prompts for summarization and aggregation.
Audit Metadata