toutiao-news-trends
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The script connects to www.toutiao.com to fetch news data. This is consistent with the skill's stated purpose and uses standard library functions.
- [DATA_EXFILTRATION] (SAFE): No attempts to access local sensitive files (like SSH keys or environment variables) or exfiltrate private data were found.
- [COMMAND_EXECUTION] (SAFE): The script does not execute arbitrary system commands or external scripts. It only uses Node.js for network requests and data parsing.
- [PROMPT_INJECTION] (LOW): This category identifies an indirect prompt injection surface. Because the skill fetches news headlines and labels from an external, untrusted source (Toutiao), these strings could contain content designed to influence an AI's behavior if the output is processed without proper delimiters.
- Ingestion points: Data is fetched from https://www.toutiao.com/hot-event/hot-board/ in scripts/toutiao.js.
- Boundary markers: None provided in the instructions.
- Capability inventory: The script only performs network reads and console logging.
- Sanitization: The script cleans URLs but does not sanitize the text content of news titles.
Audit Metadata