skills/ziniao-open/skills/ziniao-role/Gen Agent Trust Hub

ziniao-role

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses imperative and high-priority language ("CRITICAL — 开始前 MUST 先用 Read 工具读取...") to force the agent to read an external file before proceeding. This is an attempt to override the agent's natural instructional flow.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from external sources (the output of ziniao-cli commands) and incorporates it into the agent's context without boundary markers or sanitization. This could allow malicious instructions embedded in the ERP role data to influence agent behavior.
  • Ingestion points: Outputs from ziniao-cli role list, ziniao-cli role detail, and ziniao-cli role permissions are processed by the agent in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: The skill uses ziniao-cli (subprocess execution) as its primary tool.
  • Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill requires the ziniao-cli binary and provides detailed instructions for its execution to perform administrative tasks in the Ziniao ERP environment. While this is the primary purpose of the skill, it represents a significant capability surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:43 AM