skills/xr843/master-skill/master-ouyi/Gen Agent Trust Hub

master-ouyi

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (scripts/cite.py and scripts/query.py) to handle religious citation and search tasks.
  • [PROMPT_INJECTION]: The instructions create an indirect prompt injection surface by directing the agent to pass user-supplied topics directly into shell command arguments without explicit sanitization or escaping rules.
  • Ingestion points: User-provided queries about Buddhist terminology are processed through the instructional logic in SKILL.md.
  • Boundary markers: While the skill uses <HARD-GATE> sections for persona enforcement, it lacks delimiters or instructions to prevent user input from escaping the shell command argument context.
  • Capability inventory: The skill uses Python scripts executed via the shell to interact with and retrieve content from its source documents.
  • Sanitization: No input validation or escaping instructions are provided for the command-line arguments (e.g., --text and --q) before they are populated with user input.
  • [COMMAND_EXECUTION]: An instruction in SKILL.md explicitly advises the agent to avoid reading the source code of its helper scripts ("不要 Read 源码", i.e. "do not Read the source code"), which restricts the agent's ability to verify the safety or integrity of the tools it is using.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 10:28 AM