sensight
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing local Python scripts (scripts/sensight.py, scripts/auth.py) and shell scripts (scripts/init.sh, scripts/calc_time.sh) to interface with its backend APIs and manage time calculations.
- [DATA_EXPOSURE]: The skill creates and accesses a configuration file at ~/.sensight/.sensight_client_id to store and retrieve a persistent client identifier for API session management.
- [DATA_EXFILTRATION]: Authentication involves transmitting a user's Feishu union_id or email address to the vendor's endpoint at https://sensight.bytedance.net/sensight/skill_user_auth. This is a documented part of the skill's authentication mechanism and targets vendor-owned infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill uses the requests Python library to facilitate network communication with its backend services.
- [PROMPT_INJECTION]: The skill ingests data from external social media platforms (Weibo, Twitter, Xiaohongshu, etc.), creating a surface for potential indirect prompt injection. However, the risk is minimal as the skill's capabilities are focused on data retrieval and summarization.
Audit Metadata