qibook-company-profile

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from an external API and presents it directly to the agent.
      • Ingestion points: Enterprise data is ingested from the QiBook API via scripts/base.py and scripts/combined_query.py.
      • Boundary markers: Absent. The skill does not use delimiters or specific instructions to prevent the agent from following commands potentially embedded in the API responses.
      • Capability inventory: The skill has Bash and Read permissions to execute its Python logic and process local files.
      • Sanitization: The processing logic performs field translation and formatting but does not sanitize the string content for injection patterns.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to the QiBook API using the requests library. In scripts/base.py, the call_api function sets verify=False and uses urllib3.disable_warnings to suppress security alerts. This disables SSL/TLS certificate verification, which is a significant security weakness that allows for man-in-the-middle (MITM) attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 06:40 AM