zhangxuefeng-perspective
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains highly prescriptive role-play instructions designed to force the agent to remain in character ('directly respond as Zhang Xuefeng', 'do not skip character', 'do not jump out of role'). These instructions aim to override the agent's default meta-analysis or neutral behavior in favor of a specific persona.
- [EXTERNAL_DOWNLOADS]: The README.md file recommends installing the skill via "npx skills add alchaincyf/zhangxuefeng-skill" or "git clone" from GitHub. These commands fetch code and instructions from a remote repository managed by the author. Since the author context 'alchaincyf' is consistent across these resources, this is documented as standard vendor functionality.
- [DATA_EXFILTRATION]: The skill's 'Agentic Protocol' in SKILL.md explicitly requires the agent to use the WebSearch tool to fetch real-time data about employment rates, salaries, and university rankings. While intended for factual accuracy, this involves outbound network operations based on user-supplied parameters (e.g., the specific school or major requested).
- [INDIRECT_PROMPT_INJECTION]: The skill's core workflow involves a significant indirect prompt injection surface, as documented in SKILL.md:
  - Ingestion points: The "Step 2: Zhang Xuefeng-style research" phase ingests untrusted data from the open web via the WebSearch tool (e.g., salary data, student feedback, industry reports).
  - Boundary markers: The instructions lack boundary markers or 'ignore' directives to prevent instructions embedded in external web content from influencing the agent's logic during the synthesis phase.
  - Capability inventory: The agent has the capability to perform web searches and generate long-form, authoritative-sounding advice using the retrieved data.
  - Sanitization: There is no mention of sanitizing or validating the content retrieved from external websites before it is processed by the agent.
Audit Metadata