baidu-milan-winter-olympics-2026
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill communicates with tiyu.baidu.com to retrieve Olympic data. This is the core functionality and uses the native https module without external dependencies.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted content from the web.
- Ingestion points: milan-olympics.js fetches data from tiyu.baidu.com.
- Boundary markers: None explicitly defined in code, though output is structured as JSON.
- Capability inventory: No file system writes, subprocess execution, or administrative commands.
- Sanitization: Content is parsed via regular expressions to extract specific medal statistics and news metadata, reducing the likelihood of executable payload passage.
- MISSING_FILES (INFO): The documentation references three additional scripts (milan-news.js, milan-china-medals.js, and milan-schedule.js) that were not included in the provided file set. While the analyzed script is safe, the full capability of the skill depends on these missing components.
Audit Metadata