Skills
skills/zsxink/skills-hub/toutiao-news-trends/Gen Agent Trust Hub

toutiao-news-trends

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It retrieves news titles and metadata from a third-party source (Toutiao) and presents them to the AI agent. If the external content contains maliciously crafted instructions, it could potentially influence the agent's behavior.
  • Ingestion points: The scripts/toutiao.js file fetches news data from https://www.toutiao.com/hot-event/hot-board/.
  • Boundary markers: The skill does not use specific delimiters or instructions to the agent to ignore potential commands within the news data.
  • Capability inventory: The skill itself does not possess dangerous capabilities like file writing, network exfiltration of local data, or arbitrary command execution beyond running its own script.
  • Sanitization: No sanitization or filtering of the fetched news titles or labels is performed prior to output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 12:13 PM