siyuan
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from a local SiYuan Note database, creating a surface for indirect prompt injection if notes contain malicious instructions.
- Ingestion points: Content is retrieved from the database via the
get_blockandsqlcommands inscripts/siyuan_executor.py. - Boundary markers: The script does not implement specific boundary markers or 'ignore' instructions for the data it returns to the agent.
- Capability inventory: The skill has the ability to create documents, insert blocks, and execute arbitrary SQL queries on the local database.
- Sanitization: The API responses are returned as raw JSON without additional sanitization or filtering of the note content.
Audit Metadata