china-holidays
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches holiday schedules and search data from the official Chinese government website (
www.gov.cn) and its official search API (sousuo.www.gov.cn). These are well-known, authoritative sources. - [COMMAND_EXECUTION]: The skill executes the included Python script
scripts/fetch_holidays.pyto perform data retrieval and caching operations. The script uses the standard library and validates input to prevent common vulnerabilities like path traversal. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external web pages, representing a potential injection surface. However, the
fetch_holidays.pyscript includes a dedicated sanitization function (extract_chinese_text) that strips HTML tags (including script and style blocks) and uses regular expressions to restrict the extracted content to specific character sets, such as Chinese characters, numbers, and standard punctuation.
Audit Metadata