linkfox-ruiguan-graphic-trademark
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the agent to execute local Python scripts using shell commands. This pattern introduces a risk of command injection if user-provided strings, such as file paths or product titles, are passed to the shell without proper sanitization.
- [DATA_EXFILTRATION]: The upload script reads files from the local filesystem and transmits them to a remote vendor-controlled server. While the script includes extension-based filtering, this capability could be exploited to exfiltrate sensitive local data if files are renamed to bypass those checks.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection because it ingests untrusted data from both the user and external trademark databases without employing boundary markers or sanitization. This data is then used in a context where high-privilege capabilities like shell execution are available. Ingestion points: imageUrl, productTitle, trademarkName. Boundary markers: Absent. Capability inventory: Shell command execution via local scripts. Sanitization: Absent.
Audit Metadata