huashu-nuwa

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Automated scanners identified malicious URLs within the research data. Specifically, files related to the sun-yuchen-perspective and trump-perspective examples contain links to suspected botnet-related PDF documents (e.g., https://ijels.com/upload_document/issue_files/70IJELS-1042024-TheArt.pdf).
  • [EXTERNAL_DOWNLOADS]: An infected file was detected at examples/trump-perspective/references/research/03-expression-dna.md, identified as MD:HttpRequest-inf [Susp]. This indicates the presence of malicious scripts or patterns within the research material.
  • [COMMAND_EXECUTION]: The SKILL.md utilizes dynamic context injection patterns, such as bash [skill目录]/scripts/download_subtitles.sh <YouTube_URL> and python3 [skill目录]/scripts/merge_research.py <skill目录>. While these are part of the stated automated research flow, executing shell scripts based on input URLs and paths is a high-risk capability.
  • [COMMAND_EXECUTION]: The x-mastery-mentor example contains instructions for extensive use of computer-use and claude-in-chrome tools to scrape live data from x.com, which involves complex multi-step interactions and automated browsing.
  • [PROMPT_INJECTION]: Several example skills (e.g., zhangxuefeng-perspective, elon-musk-perspective) contain role-play instructions that explicitly command the agent to ignore standard constraints, such as 'This Skill activated, respond directly as [Person]', and 'First-person response required'. While intended for character simulation, these mirror patterns used in prompt injection to bypass safety guidelines.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Jul 2, 2026, 04:12 AM
Security Audit — agent-trust-hub — huashu-nuwa