iflytek-text-proofread
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill handles authentication via environment variables (IFLY_APP_ID, IFLY_API_KEY, IFLY_API_SECRET), following secure practices for secret management.
- [DATA_EXFILTRATION]: Text data is sent to the official iFlytek API endpoint (cn-huadong-1.xf-yun.com) to perform proofreading, which is the primary intended function of the skill.
- [COMMAND_EXECUTION]: The skill executes a local Python script to process text and communicate with the API.
- [SAFE]: No third-party dependencies or remote scripts are downloaded; the script uses only the Python standard library.
- [SAFE]: The skill processes external text input from files or stdin, presenting a potential surface for indirect prompt injection. However, it does not execute instructions from the data. Evidence: Ingestion point (scripts/text_proofread.py), Boundary markers (Absent), Capability inventory (scripts/text_proofread.py reads files), Sanitization (Absent).
Audit Metadata