group-knowledge-report

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface detected.
      • Ingestion points: Untrusted data enters the context through document activity statistics (titles, popular documents) via the yuque_group_doc_stats tool in SKILL.md.
      • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating external data into the report template.
      • Capability inventory: The skill has the capability to write content back to the platform using the yuque_create_doc tool as described in SKILL.md.
      • Sanitization: There is no mention of sanitization, escaping, or validation of the ingested document metadata before it is formatted into the final report.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 09:11 AM
Security Audit — agent-trust-hub — group-knowledge-report