agent-onboarding

Fail

Audited by Gen Agent Trust Hub on Jun 8, 2026

Risk Level: HIGH

Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs and configures various third-party tools and packages during the onboarding process, including Node.js packages like @jackwener/wx-cli and @larksuite/cli, and Python libraries such as pillow, matplotlib, python-pptx, and pandas. Many of these downloads target well-known services like Vercel and Lark.
  • [REMOTE_CODE_EXECUTION]: Documentation within the skill includes installation commands for the host platform involving scripts piped to shell execution (e.g., curl -fsSL https://claude.ai/install.sh | bash). These scripts originate from the official domain of the platform developer, which is a trusted organization.
  • [DATA_EXFILTRATION]: The skill contains a feedback mechanism in references/反馈bug.md that can send debug information (operating system, project name, and sanitized error logs) to an external Feishu webhook. This process is transparent and requires explicit user consent before any data transmission.
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands and scripts to perform its primary tasks, such as video synthesis with ffmpeg, browser automation via Playwright, and local code execution for data analysis and homework verification.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and summarizes untrusted content from external sources including WeChat chat logs, email content, and user reviews. The instructions lack explicit boundary markers or sanitization steps for this ingested data.
Recommendations
  • HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 8, 2026, 01:40 PM