entertainment
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill performs HTTP GET requests to the non-whitelisted domain
60s.viki.moeto fetch content. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection by displaying untrusted data from an external API. \n
- Ingestion points: API responses from
https://60s.viki.moe/v2/endpoints including Hitokoto and Duanzi. \n - Boundary markers: Absent; the content is directly displayed to the user without delimiters. \n
- Capability inventory: No dangerous system capabilities or command execution; limited to network reads and saving one image file (
moyu.jpg). \n - Sanitization: None; the skill assumes the API provider is trustworthy.
Audit Metadata