canghe-tianyancha
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill's instructions in SKILL.md use bash shell commands (test -f) to detect the existence of local preference files (EXTEND.md) to customize its behavior.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface typical of data-processing agents.
  - Ingestion points: Untrusted data enters the agent context through search results retrieved via kimi_search_v2 as instructed in SKILL.md.
  - Boundary markers: The skill does not employ specific delimiters or instruction-ignore warnings for the searched content.
  - Capability inventory: The skill has the capability to write files to the local file system using scripts/generate_dashboard.py within the PythonRun environment.
  - Sanitization: The Python script performs direct interpolation of search data into HTML templates using f-strings; while it uses json.dumps for structured data, many fields are inserted without HTML entity encoding, representing a potential Cross-Site Scripting (XSS) surface in the generated local dashboards.
Audit Metadata