rank
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes system-native shell commands including
date,mkdir,Get-Date, andNew-Itemto prepare the filesystem and generate formatted timestamps. These operations are restricted to the preparation of the output environment and the skill's metadata.\n- [DATA_EXFILTRATION]: The skill interacts with the local filesystem to save notes in the~/Documents/notesdirectory. No network operations, external requests, or attempts to access sensitive system files or credentials were found.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating user-provided domain names into file paths and document headers.\n - Ingestion points: User input for the domain field ('{领域}') and phenomenon descriptions processed in
SKILL.md.\n - Boundary markers: Absent; user-supplied text is directly interpolated into filenames and Org-mode templates.\n
- Capability inventory: File system write access, directory creation, and shell command execution for metadata generation.\n
- Sanitization: No explicit sanitization or validation of user-provided strings is mentioned before their use in filesystem paths.
Audit Metadata