jeesite
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute a local Python script (
scripts/cache_docs.py) to handle documentation retrieval and caching. This is a functional requirement of the skill and utilizes a script provided within the repository. - [EXTERNAL_DOWNLOADS]: The caching script fetches documentation pages and associated images from the official vendor domain
https://jeesite.com. These downloads are necessary to provide the user with documentation content and are directed at the author's own verified services. - [PROMPT_INJECTION]: The skill processes content fetched from an external web source, which presents an inherent surface for indirect prompt injection.
- Ingestion points: External content is retrieved from
https://jeesite.com/docs/via thecache_docs.pyscript. - Boundary markers: The instructions do not specify the use of delimiters or adversarial warnings when the agent reads the downloaded Markdown files.
- Capability inventory: The skill executes shell commands (
python3 scripts/cache_docs.py) that perform network operations and local file writes toreferences/.cache/or~/.cache/jeesite/. - Sanitization: The script performs basic HTML cleaning (removing UI elements like line numbers and headers) and uses
html2textfor Markdown conversion, which provides structural filtering but does not include specific sanitization against embedded adversarial instructions.
Audit Metadata