skills/lijigang/ljg-skills/ljg-blind/Gen Agent Trust Hub

ljg-blind

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands such as rg, jq, and grep to parse local JSONL logs. It incorporates user-provided date arguments directly into command strings, which presents a potential command injection surface if inputs are not properly validated by the execution environment.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the official WeChat Reading API (i.weread.qq.com) using curl to search for relevant books and retrieve chapter details.
  • [DATA_EXFILTRATION]: It accesses sensitive local data, including conversation histories and the user's mission statement (MISSION.md). While only derived keywords are sent to the external WeChat Reading service, the capability to read these files is central to the skill's function.
  • [PROMPT_INJECTION]: By processing historical conversation logs as input for its analysis, the skill creates an indirect prompt injection surface. 1. Ingestion: ~/.claude/projects/*.jsonl; 2. Boundaries: Absent; 3. Capability inventory: Shell execution, network requests via curl, and file writing; 4. Sanitization: Performs basic filtering of tool-use and system-related metadata from the logs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 03:08 PM
Security Audit — agent-trust-hub — ljg-blind