huashu-nuwa
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: CRITICAL
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Automated scanners identified malicious URLs within the research data. Specifically, files related to the `sun-yuchen-perspective` and `trump-perspective` examples contain links to suspected botnet-related PDF documents (e.g., https://ijels.com/upload_document/issue_files/70IJELS-1042024-TheArt.pdf).
- [EXTERNAL_DOWNLOADS]: An infected file was detected in the `examples/trump-perspective/references/research/03-expression-dna.md` file, identified as `MD:HttpRequest-inf [Susp]`. This indicates the presence of malicious scripts or patterns within the research material.
- [COMMAND_EXECUTION]: The `SKILL.md` utilizes dynamic context injection patterns, such as `bash [skill目录]/scripts/download_subtitles.sh <YouTube_URL>` and `python3 [skill目录]/scripts/merge_research.py <skill目录>`. While these are part of the stated automated research flow, executing shell scripts based on input URLs and paths is a high-risk capability.
- [COMMAND_EXECUTION]: The `x-mastery-mentor` example contains instructions for extensive use of `computer-use` and `claude-in-chrome` tools to scrape live data from `x.com`, which involves complex multi-step interactions and automated browsing.
- [PROMPT_INJECTION]: Several example skills (e.g., `zhangxuefeng-perspective`, `elon-musk-perspective`) contain role-play instructions that explicitly command the agent to ignore standard constraints, such as 'This Skill activated, respond directly as [Person]', and 'First-person response required'. While intended for character simulation, these mirror patterns used in prompt injection to bypass safety guidelines.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata