kaiyu-qichacha-fetcher

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The setup.py configuration script uses regular expressions to programmatically modify the scripts/api_registry.py file to enable or disable specific API interfaces. This process is accompanied by a call to the compile() function to validate the Python syntax of the modified code before it is written to disk. This self-modification of skill scripts is a dynamic execution pattern used for state management.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md explicitly direct the AI agent to execute local Python scripts and shell commands (scripts/qcc.py, setup.py) to manage configuration, run diagnostics, and perform data fetching.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests enterprise data from the Qichacha OpenAPI (api.qichacha.com) and renders it for agent processing. The lack of explicit boundary markers or instructions to ignore embedded commands in this external data represents an indirect prompt injection surface.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to the Qichacha API for its core functionality and its documentation refers users to the author's GitHub repository (github.com/43COLLEGE) for setup. These operations are consistent with the skill's documented purpose and target well-known service providers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — kaiyu-qichacha-fetcher