bazi
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface identified. The skill collects untrusted text from the user (such as names and birthplaces) and interpolates it into subsequent reasoning steps without sanitization or protective delimiters.
  - Ingestion points: `SKILL.md` (Steps 1 through 7) collect user-supplied name, former name, and location.
  - Boundary markers: Absent; user input is directly used in the confirmation and analysis phases.
  - Capability inventory: System `date` command execution.
  - Sanitization: None; the skill does not validate or escape user-provided strings before processing.
- [COMMAND_EXECUTION]: The skill requires the execution of the system `date` command in `SKILL.md` (Step 8) to establish the current time for "Great Luck" (Da Yun) and "Flowing Year" (Liu Nian) calculations. This is a benign use of system tooling aligned with the skill's documented purpose.
Audit Metadata