yao-geo-article-friendly
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external content from multiple file formats (.md, .txt, .html, .docx, .pdf).
- Ingestion points: Untrusted data enters the agent context through pasted text or file paths specified in
SKILL.md. - Boundary markers: The skill lacks explicit instructions for the agent to ignore command-like strings or instructions embedded within the source article content.
- Capability inventory: The skill has access to the local file system (saving Markdown artifacts) and the bash shell as defined in
agents/interface.yaml. - Sanitization: No explicit sanitization or filtering of the input file content is performed before processing. However, the internal workflow's focus on preserving 'core claims' and 'original meaning' acts as a functional constraint against malicious redirection.
- [COMMAND_EXECUTION]: The
agents/interface.yamlfile configures the skill to use the bash shell for execution. This is a platform-level configuration intended for local file handling and environment interaction. No specific shell commands or script files containing dangerous operations were found within the skill's instruction set or reference files.
Audit Metadata