yanzi-extension-dev

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to extract the agentApiToken from a local configuration file at %LOCALAPPDATA%\OpenQuickHost\appsettings.local.json to authenticate with the local management API.
  • [REMOTE_CODE_EXECUTION]: The extension host allows for the dynamic compilation and execution of arbitrary C# and PowerShell code provided via manifest files (inline) or local script files. It also supports remote installation of extensions from an app store.
  • [COMMAND_EXECUTION]: The documentation provides instructions for establishing persistence and performing high-privilege system operations, such as:
  • Configuring extensions to launch automatically with the host application using the startup manifest parameter.
  • Implementing resident background services using Win32 API hooks (RegisterHotKey, SetWindowsHookEx) to persist logic after initial execution.
  • Using PowerShell for system-wide automation, including registry modification and process management.
  • [PROMPT_INJECTION]: The skill defines a significant attack surface for indirect prompt injection by ingesting untrusted data from multiple sources without sanitization:
  • Ingestion points: Data retrieved from the system clipboard (Get-Clipboard), external API responses (hitokoto.cn), and the InputText variable.
  • Boundary markers: No delimiters or safety instructions are used when processing external data.
  • Capability inventory: The skill possesses full execution capabilities for C# and PowerShell, local file system access, and network request functionality.
  • Sanitization: No validation, escaping, or filtering of ingested data is described.
  • [DATA_EXFILTRATION]: The skill combines the ability to read sensitive local tokens and system data (e.g., clipboard, configuration files) with the capability to perform outbound HTTP requests, providing a clear path for data exfiltration.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 18, 2026, 11:24 PM
Security Audit — agent-trust-hub — yanzi-extension-dev