
work-report

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to use a Bash command (textutil -stdout -convert txt "文件路径.rtf") to process user-provided file paths. This pattern is vulnerable to shell command injection if a user provides a filename containing shell metacharacters (e.g., $(command) or ; command ;).
  • [PROMPT_INJECTION] (HIGH): The skill has a high-risk indirect prompt injection surface. It ingests untrusted content from various document formats (.rtf, .docx, .md, .txt) in Steps 3 and 4. No boundary markers or sanitization protocols are defined. Since the skill is granted powerful tools such as 'Bash' and 'Write', malicious instructions embedded within these external report files could hijack the agent into performing unauthorized file-system or system-level operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:58 PM