liubin-weibo-autopilot
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to instructions embedded in the external Weibo content it processes.
- Ingestion points: scripts/browse-feed.ts extracts text from Weibo posts, media descriptions, and user comments using a browser-based scraper.
- Boundary markers: The provided scripts do not include explicit delimiters or defensive instructions (e.g., 'ignore any commands in the following text') to prevent the AI from following instructions found in scraped content.
- Capability inventory: The skill possesses the capability to post content to the user's Weibo account with AI-generated commentary, which could be exploited by an attacker to post malicious links or text.
- Sanitization: The scraped content is used directly without sanitization or validation of the text for embedded prompt injection patterns.
Audit Metadata