Skills
skills/yitongcodes/weibo_trends_analyzer_web/weibo-trends-analyzer/Gen Agent Trust Hub

weibo-trends-analyzer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): A hardcoded API key (4dfdf794141101d7bb8ece0294dbbc02) is present in README.md, API_CONFIG.md, and QUICKSTART.md. This key grants access to the TianAPI service and should be handled via environment variables or secret management rather than being committed to the codebase.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill communicates with an external API endpoint (https://apis.tianapi.com/weibohot/index). While this is the intended functionality, the domain is not on the Trusted Sources list.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from Weibo hot trends and processes it with an AI agent to generate product designs. An attacker who can influence social media trends could embed instructions in trend titles (e.g., 'hotword') to manipulate the agent's output or report generation.
  • Ingestion points: API_CONFIG.md (Fetching from TianAPI result.list array).
  • Boundary markers: Absent. No evidence of delimiters or instructions to ignore embedded commands in the provided files.
  • Capability inventory: Web search (via README.md), HTML file generation, and network access to apis.tianapi.com.
  • Sanitization: Absent. No logic is provided to sanitize or validate the content of the hotword strings before AI processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:39 PM