li-stats
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading content from multiple local markdown files and file headers which could contain untrusted instructions.
- Ingestion points: The agent reads data from
03-数据统计/数据统计表.md,01-内容生产/选题管理/00-选题记录.md, and YAML frontmatter in01-内容生产/待发布的内容/中短视频/. - Boundary markers: No delimiters or instructions to ignore embedded commands are used when interpolating file content into the prompt.
- Capability inventory: The skill has the ability to read, edit, move, and delete files.
- Sanitization: No input validation or escaping is applied to the data retrieved from the file system.
- [COMMAND_EXECUTION]: The skill performs file system modifications as part of its archiving workflow.
- Evidence: Step 6.2 involves moving files to a computed path in
02-已发布内容/短视频/, and Step 6.3 explicitly performs a file deletion operation in the01-内容生产/待深化的选题/directory based on filename matching.
Audit Metadata