writing-clone-starter
Fail
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Phishing URL detected within the skill's author profile corpus.
- Evidence:
https://wxredian.com/art?id=07bf527cfa52a366210c61375cc30b6ffound inreferences/built-in-profiles/zhouzuoluo/raw-corpus/README.mdis flagged by automated scanners as phishing. - AV Detection: The file
references/built-in-profiles/zhouzuoluo/raw-corpus/README.mdhas been flagged as suspicious by antivirus software (MD:HttpRequest-inf [Susp]). - [OBFUSCATION]: The skill utilizes Base64 encoded URLs to mask external article destinations.
- Evidence: URLs in
references/built-in-profiles/zhouzuoluo/held-out-set.mduse thequanlitu.comredirector with Base64 encoded destination parameters (e.g.,aHR0cDovL21wLndlaXhpbi5xcS5jb20...). - [PROMPT_INJECTION]: Identifies a significant attack surface for indirect prompt injection via untrusted data ingestion.
- Ingestion Points: The skill instructs the agent to use tools like
web-clipperandcontent-goldmine-geminito fetch and structured raw articles from the web into the local library (references/profile-distillation/material-sync.md). - Capability Inventory: The agent processes this untrusted data to generate profiles and articles, creating a risk that malicious instructions in the source text could override agent behavior.
- Boundary Markers: There are no explicit instructions or delimiters defined to separate untrusted external content from system instructions during the distillation process.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata