jiekou-multimodal

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl utility to perform network requests to the multimodal API. User-provided prompts and media URLs are included in the request body of these commands.
  • [DATA_EXFILTRATION]: Network activity is directed to https://api.jiekou.ai, which is the official API endpoint for the skill's vendor. User-supplied data is transmitted to this domain as part of the skill's core functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted user content, such as text prompts and media URLs, representing an indirect prompt injection surface.
      • Ingestion points: User input enters the skill context through prompts and URLs provided for multimodal tasks described in SKILL.md and references/examples.md.
      • Boundary markers: Absent. The instructions do not specify the use of delimiters or isolation techniques for user-provided data.
      • Capability inventory: The skill performs network operations via curl and reads configuration data from the local file system at ~/.jiekou/config.json.
      • Sanitization: Absent. No input validation or sanitization routines are defined for the data processed by the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 09:48 AM