yao-geo-article-friendly

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external content from multiple file formats (.md, .txt, .html, .docx, .pdf).
  • Ingestion points: Untrusted data enters the agent context through pasted text or file paths specified in SKILL.md.
  • Boundary markers: The skill lacks explicit instructions for the agent to ignore command-like strings or instructions embedded within the source article content.
  • Capability inventory: The skill has access to the local file system (saving Markdown artifacts) and the bash shell as defined in agents/interface.yaml.
  • Sanitization: No explicit sanitization or filtering of the input file content is performed before processing. However, the internal workflow's focus on preserving 'core claims' and 'original meaning' acts as a functional constraint against malicious redirection.
  • [COMMAND_EXECUTION]: The agents/interface.yaml file configures the skill to use the bash shell for execution. This is a platform-level configuration intended for local file handling and environment interaction. No specific shell commands or script files containing dangerous operations were found within the skill's instruction set or reference files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 02:40 AM
Security Audit — agent-trust-hub — yao-geo-article-friendly