baidu-netdisk-manager
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill manages authentication state by storing sensitive session cookies (BDUSS and STOKEN) in a local session file at
~/.netdisk/session.json. While this is standard practice for CLI-based authentication persistence, it represents a local point of exposure for account credentials. - [EXTERNAL_DOWNLOADS]: The skill interacts with official and well-known Baidu services, including
pan.baidu.com,pcs.baidu.com, andpassport.baidu.com, to facilitate cloud file management and user authentication. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted metadata, such as file names and search results, retrieved from external Baidu Netdisk API responses.
- Ingestion points: File names, paths, and metadata retrieved via API calls in
netdisk_sdk.pyand displayed to the user innetdisk.py. - Boundary markers: None identified; external metadata is rendered directly into terminal tables.
- Capability inventory: The skill possesses capabilities for network communication with Baidu servers and local file system access for uploading and downloading content.
- Sanitization: The skill uses standard JSON parsing for API responses but does not implement specific filtering to detect or sanitize natural language instructions embedded within file metadata.
Audit Metadata