forge-self

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to ingest and analyze highly sensitive private communication data, including WeChat logs, social media exports, and personal diaries. Accessing these types of files represents a high-risk data exposure, as they contain intimate personal details and contact information.
  • [COMMAND_EXECUTION]: The skill's workflow depends on the execution of multiple local Python scripts (including wechat_parser.py, social_parser.py, diary_parser.py, and journal_analyzer.py) via the Bash tool to process user data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses and analyzes untrusted external content (chat logs, diaries) provided by the user.
      • Ingestion points: Sensitive external files are read by parsers in Phase 2 and Phase 4 of the process.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the logs are defined.
      • Capability inventory: The agent has access to powerful tools including Bash, Write, Edit, and the Agent tool (which allows spawning other agents).
      • Sanitization: There is no evidence of content sanitization or validation to prevent malicious instructions embedded in the logs from being followed during the analysis phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 7, 2026, 07:46 AM