cailun

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates on a 'zero-dependency' and 'zero-JS' principle for its generated HTML output, which effectively mitigates common web-based attack vectors such as Cross-Site Scripting (XSS) in the documents intended for sharing.
  • [COMMAND_EXECUTION]: Uses local system commands ('open' and 'bash') to handle the generated HTML files. This is limited to opening files for viewing and performing format conversion (PNG export) via a local script included in the repository.
  • [DATA_EXPOSURE]: Accesses a specific local configuration file at '~/.config/cailun/luokuan.md' to retrieve user-defined signature metadata (name and seal text). This is a standard practice for application-specific configuration and does not target sensitive system credentials.
  • [SAFE]: Implements a 'copy-list' (抄录清单) confirmation step before generating the final output, providing a manual check on ingested data and ensuring transparency in how dialogue content is utilized.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 02:11 AM