csdn-publisher
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official Google Chrome installation package from Google's distribution servers to enable browser automation.
- [COMMAND_EXECUTION]: Performs system-level package installation using
yumand executes local Python scripts (login.py) to manage authentication flows and background processes. - [CREDENTIALS_UNSAFE]: Manages CSDN session cookies and Telegram bot configuration stored in the
~/.openclaw/workspace/credentials/directory. - [PROMPT_INJECTION]: Exposed to indirect prompt injection where malicious instructions embedded in the user-provided Markdown article could potentially influence the agent's behavior during the publication process.
- Ingestion points: Markdown content is directly injected into the browser DOM via JavaScript as seen in
SKILL.md. - Boundary markers: No delimiters or defensive instructions are present to prevent the agent from interpreting commands within the article content.
- Capability inventory: Includes system package management, browser automation, and local script execution.
- Sanitization: The skill does not perform validation or sanitization of the input content before processing.
Audit Metadata