ziniao-role
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses imperative and high-priority language ("CRITICAL — 开始前 MUST 先用 Read 工具读取...") to force the agent to read an external file before proceeding. This is an attempt to override the agent's natural instructional flow.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from external sources (the output of
ziniao-clicommands) and incorporates it into the agent's context without boundary markers or sanitization. This could allow malicious instructions embedded in the ERP role data to influence agent behavior. - Ingestion points: Outputs from
ziniao-cli role list,ziniao-cli role detail, andziniao-cli role permissionsare processed by the agent in SKILL.md. - Boundary markers: Absent.
- Capability inventory: The skill uses
ziniao-cli(subprocess execution) as its primary tool. - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill requires the
ziniao-clibinary and provides detailed instructions for its execution to perform administrative tasks in the Ziniao ERP environment. While this is the primary purpose of the skill, it represents a significant capability surface.
Audit Metadata