ip-diagnosis
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that explicitly override standard user confirmation protocols ('本技能默认针对当前机器执行,不询问是否继续', i.e. "By default this skill runs against the current machine and does not ask whether to continue"), allowing the agent to perform autonomous system modifications and software installations without oversight.
- [COMMAND_EXECUTION]: The skill performs automated installations of global software packages and system utilities (e.g., 'npm install -g playwright-cli', 'brew install node') without requiring individual user approval for each dependency.
- [COMMAND_EXECUTION]: The instructions include commands to modify persistent system-level network configurations, such as disabling IPv6 services on network interfaces via the 'networksetup' utility.
- [EXTERNAL_DOWNLOADS]: The skill interacts with multiple external third-party services (e.g., 'ipify.org', 'ipinfo.io', 'webbrowsertools.com') to retrieve data. The automated retrieval and processing of this data, combined with high-privilege system access, increases the potential impact of processing untrusted content.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data from external websites using 'playwright-cli'.
  - Ingestion points: Data enters the agent context from the body and title of external websites accessed via browser automation.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands in the retrieved text.
  - Capability inventory: The agent has access to powerful tools like 'networksetup' and 'brew' for system modification.
  - Sanitization: There is no evidence of validation or sanitization of content retrieved from external sources before it is analyzed by the agent.