juejin-auto-checkin
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/cron_manager.pyemploysos.systemto launch Python processes. Since the file path for execution is passed as a command-line argument without validation, it creates a risk of arbitrary shell command injection if an attacker can influence the tool input. - [COMMAND_EXECUTION]: The skill creates a persistent daily task on macOS by writing a property list file to
~/Library/LaunchAgents/com.juejin.autosignin.plist. This allows the automation to survive reboots and run automatically in the background across sessions. - [DATA_EXFILTRATION]: The skill saves browser cookies and session data to
~/.juejin_browser_datain the user's home folder. It also exports page HTML and screenshots to the current directory and/tmp, which could lead to accidental exposure of sensitive account information contained in the captured web content. - [PROMPT_INJECTION]: The skill parses and acts upon content retrieved from external web pages at runtime, creating an attack surface for indirect prompt injection where malicious content on the target site could influence agent behavior.
- Ingestion points:
scripts/juejin_auto.py(viapage.content()andpage.evaluate("document.body.innerText")) - Boundary markers: None provided in the automation logic.
- Capability inventory: Shell command execution in
scripts/cron_manager.pyand file system write access inscripts/juejin_auto.pyandscripts/debug_page.py. - Sanitization: No filtering or sanitization of ingested web content is performed.
Audit Metadata