zhangxuefeng-perspective

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains highly prescriptive role-play instructions designed to force the agent to remain in character ('directly respond as Zhang Xuefeng', 'do not skip character', 'do not jump out of role'). These instructions aim to override the agent's default meta-analysis or neutral behavior in favor of a specific persona.
  • [EXTERNAL_DOWNLOADS]: The README.md file recommends installing the skill via npx skills add alchaincyf/zhangxuefeng-skill or git clone from GitHub. These commands fetch code and instructions from a remote repository managed by the author. Since the author context 'alchaincyf' is consistent across these resources, this is documented as standard vendor functionality.
  • [DATA_EXFILTRATION]: The skill's 'Agentic Protocol' in SKILL.md explicitly requires the agent to use the WebSearch tool to fetch real-time data about employment rates, salaries, and university rankings. While intended for factual accuracy, this involves outbound network operations based on user-supplied parameters (e.g., the specific school or major requested).
  • [INDIRECT_PROMPT_INJECTION]: The skill's core workflow involves a significant indirect prompt injection surface as documented in SKILL.md:
  • Ingestion points: The Step 2: Zhang Xuefeng-style research phase ingests untrusted data from the open web via the WebSearch tool (e.g., salary data, student feedback, industry reports).
  • Boundary markers: The instructions lack boundary markers or 'ignore' directives to prevent instructions embedded in external web content from influencing the agent's logic during the synthesis phase.
  • Capability inventory: The agent has the capability to perform web searches and generate long-form, authoritative-sounding advice using the retrieved data.
  • Sanitization: There is no mention of sanitizing or validating the content retrieved from external websites before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 05:13 PM
Security Audit — agent-trust-hub — zhangxuefeng-perspective