github-trending
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: File `send_wecom_summary.py` contains a hardcoded sensitive API key in the `DEFAULT_WEBHOOK` variable (`key=45548262-1f73-40a9-a33f-eba95e934082`). This allows unauthorized users to send messages through the bot.
- [DATA_EXFILTRATION]: The skill transmits repository summaries and metadata to the external domain `qyapi.weixin.qq.com` via a hardcoded webhook URL.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the processing of untrusted repository data.
  - Ingestion points: Fetches raw README content from external, third-party GitHub repositories in `fetch_trending.py` (via `fetch_readme` function).
  - Boundary markers: Absent. The skill does not utilize delimiters or specific instructions to treat external README content as data rather than instructions.
  - Capability inventory: Has the ability to perform network operations (sending notifications to an external webhook).
  - Sanitization: The `strip_markdown` function in `send_wecom_summary.py` only removes markdown formatting characters and does not sanitize for malicious instructions or hidden control characters.
Recommendations
- AI detected serious security threats