story-short-scan
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security risks were identified. The skill is consistent with its stated purpose of market research.
- [PROMPT_INJECTION]: The skill is designed to fetch and analyze data from external platforms (Zhihu, Fanqie, etc.), which creates a potential surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via
WebFetch,WebSearch, and user-provided inputs as defined inSKILL.md. - Boundary markers: The skill instructions do not specify any delimiters or safety markers to help the agent distinguish between data and embedded instructions in the fetched content.
- Capability inventory: The agent's capabilities include web browsing and text analysis; there is no evidence of dangerous capabilities like arbitrary code execution (
eval/exec), unauthorized file system access, or persistence mechanisms. - Sanitization: The skill does not implement any sanitization or validation logic for the external text data it processes.
Audit Metadata