topic-monitor
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The script scripts/setup_cron.py uses subprocess.run to call crontab, enabling the skill to schedule itself for recurring execution. This provides a method for code to remain active on the host system without ongoing user intervention. While intended for monitoring, it is a high-privilege action that is downgraded to MEDIUM due to its alignment with the skill's primary purpose.
- Credentials Safety (MEDIUM): The configuration architecture (scripts/config.py, config.example.json) facilitates the storage of sensitive secrets, including smtp_password and webhook_url, in a plaintext JSON file. This presents a risk of credential exposure if the local environment is compromised.
- Indirect Prompt Injection (LOW): The skill ingests and processes untrusted data from web search results to determine the importance of alerts.
  - Ingestion points: Search results are processed in scripts/importance_scorer.py via titles and snippets.
  - Boundary markers: No explicit delimiters are used to separate untrusted content from the scoring logic.
  - Capability inventory: The skill can send outbound messages to Discord, Telegram, and Email, and it can modify system cron jobs.
  - Sanitization: Input content is converted to lowercase and matched against regex patterns without formal sanitization or escaping.
- Missing Functional Components (LOW): Core logic files scripts/monitor.py and scripts/setup.py are referenced but not included in the provided source, limiting the ability to audit the actual search implementation and installation behavior.
Audit Metadata