yuque-document-management

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The algorithmic-art and canvas-design skills utilize forceful meta-instructions and output manipulation techniques. They explicitly command the agent to override its standard behavior to adopt a 'master craftsman' persona and mandate the inclusion of specific self-praising phrases like "meticulously crafted" and "product of deep expertise" to artificially inflate the user's perception of the generated content.
  • [COMMAND_EXECUTION]: The webapp-testing skill contains a concealment pattern by instructing the agent: "DO NOT read the source until you try running the script first... They exist to be called directly as black-box scripts." This instruction actively discourages the security inspection of scripts like with_server.py which are designed to execute arbitrary shell commands.
  • [COMMAND_EXECUTION]: Multiple skills (docx, pptx, web-artifacts-builder) rely on the execution of local scripts and system-level commands (e.g., unpack.py, rearrange.py, init-artifact.sh) to perform their core functions, representing a significant command execution surface.
  • [REMOTE_CODE_EXECUTION]: Several skills instruct the agent to perform package installations (npm install, pip install) and run external tools (pandoc, libreoffice, playwright), which involves downloading and executing code from external registries.
  • [DATA_EXFILTRATION]: While primarily intended for cleanup, the CleanData.cs utility contains logic for the destructive deletion of data across Neo4j, Qdrant, and the local filesystem. This capability to wipe all RAG system data represents a significant risk to data integrity and availability if triggered maliciously.
  • [SAFE]: External references to p5.js (via CDN), DeepSeek, Aliyun (DashScope), and Anthropic's own domains are from well-known and established providers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 03:18 AM
Security Audit — agent-trust-hub — yuque-document-management