heya-title-style
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Adopts a specific persona and uses data-driven learning to generate catchy titles, which is standard roleplay for this content creation task.\n- [PROMPT_INJECTION]: Potential attack surface for indirect prompt injection through external data ingestion.\n
- Ingestion points:
scripts/fetch-bilibili-titles.tsfetches Bilibili video titles via theuapis.cnAPI intoreferences/research/01-titles.json.\n - Boundary markers: Present. The data is injected into
SKILL.mdinside specific<!-- AUTO_START -->marker tags and markdown structures.\n - Capability inventory: Maintenance scripts use
spawnSyncandwriteFileSyncto manage and analyze datasets.\n - Sanitization: Absent. External title strings are incorporated directly into reference data without filtering for potential malicious instructions.\n- [EXTERNAL_DOWNLOADS]: Fetches Bilibili video metadata from the
uapis.cnAPI service. This is the intended data source for the skill's style learning functionality.\n- [COMMAND_EXECUTION]: Recommends the use ofnpx skills updateandbun pipelineto refresh and analyze the local writing style datasets.
Audit Metadata