compose
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted user content.
- Ingestion points: The agent ingests a "参考文章" (reference article) provided by the user in the "Reference Mode" (参考模式) defined in SKILL.md.
- Boundary markers: The instructions lack delimiters or explicit directives to the agent to treat the reference article solely as data and to ignore any embedded instructions or behavioral overrides.
- Capability inventory: The skill can read local files (./writing-workspace/styles/my_style.json, ./writing-workspace/materials/index.json) and write draft files to the local file system (./writing-workspace/drafts/).
- Sanitization: There is no evidence of content sanitization or validation of the ingested reference article to prevent the execution of embedded instructions.
Audit Metadata