hot-topics
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to '60s.viki.moe', which is a non-whitelisted domain. This is required for its functionality to fetch trending data but represents a dependency on a third-party service.
- [Indirect Prompt Injection] (LOW): This finding identifies an attack surface where untrusted data enters the agent context.
  - Ingestion points: The skill fetches trending titles and topics from external social media APIs (Weibo, Zhihu, Baidu, etc.) via a proxy.
  - Boundary markers: Absent. The external content is interpolated directly into response strings without delimiters.
  - Capability inventory: Low. The skill is designed for reading and displaying data. It lacks file-system write access, arbitrary command execution, or secondary network exfiltration capabilities.
  - Sanitization: None detected. Data from platforms is processed as raw strings.
  - Risk: Minimal, as the agent only summarizes or displays the content.
Audit Metadata