ai-court

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a shell script scripts/doctor.sh used for verifying the installation of platform dependencies and the validity of configuration files in the user's home directory. The script is benign and performs standard diagnostic checks.
  • [COMMAND_EXECUTION]: System instructions for the silijian agent (in configs/feishu/agents/silijian.md) include the use of node scripts/task-store.js to manage and track project task states, which is a core part of the skill's operational logic.
  • [PROMPT_INJECTION]: The duchayuan agent (in configs/feishu/agents/duchayuan.md) is designed to ingest external data from GitHub, specifically commit information and code diffs, for the purpose of automated code review. This creates an interface for indirect prompt injection where instructions could be hidden in code changes.
      ◦ Ingestion points: External GitHub commit data and code diffs provided via webhook triggers.
      ◦ Boundary markers: Absent; the prompt lacks explicit delimiters or instructions to the agent to ignore commands embedded within the diff content.
      ◦ Capability inventory: The system can send messages to external channels (Feishu/Discord), facilitate inter-agent communication, and execute local tracking scripts.
      ◦ Sanitization: No visible sanitization or filtering logic is present in the agent prompts to handle potentially malicious input from the code diffs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 5, 2026, 02:46 PM