kaiyu-qichacha-fetcher
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The
setup.pyconfiguration script uses regular expressions to programmatically modify thescripts/api_registry.pyfile to enable or disable specific API interfaces. This process is accompanied by a call to thecompile()function to validate the Python syntax of the modified code before it is written to disk. This self-modification of skill scripts is a dynamic execution pattern used for state management. - [COMMAND_EXECUTION]: The skill instructions in
SKILL.mdexplicitly direct the AI agent to execute local Python scripts and shell commands (scripts/qcc.py,setup.py) to manage configuration, run diagnostics, and perform data fetching. - [INDIRECT_PROMPT_INJECTION]: The skill ingests enterprise data from the Qichacha OpenAPI (
api.qichacha.com) and renders it for agent processing. The lack of explicit boundary markers or instructions to ignore embedded commands in this external data represents an indirect prompt injection surface. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to the Qichacha API for its core functionality and its documentation refers users to the author's GitHub repository (
github.com/43COLLEGE) for setup. These operations are consistent with the skill's documented purpose and target well-known service providers.
Audit Metadata