article-saver
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's core function is to ingest untrusted data from external sources (WeChat, Twitter, and Zhihu).
  - Ingestion points: scripts/saver.py (referenced).
  - Boundary markers: None identified in documentation or metadata.
  - Capability inventory: Uses Playwright to browse/download and writes Markdown and media to the local filesystem (Documents/WebContent/).
  - Sanitization: Only 'sanitize_filename' is mentioned for filesystem safety; no content sanitization to prevent embedded instruction execution is present.
- Data Exposure (HIGH): The scripts 'setup_wechat.py' and 'setup_zhihu.py' capture full session authentication states, including cookies and local storage, and save them as plain JSON in the 'data/' directory. These files are high-value targets for exfiltration and provide persistent access to user accounts.
- External Downloads (MEDIUM): The 'setup.sh' script and 'requirements.txt' trigger the installation of external Python packages and the download of a Chromium browser binary via Playwright.
- Command Execution (MEDIUM): The installation process requires the user to 'chmod +x' and execute shell scripts, and the skill's operation relies on executing Python scripts that manage browser instances and local storage.
Recommendations
- AI detected serious security threats