qq-current-history

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted chat history from external QQ users, creating a surface for indirect prompt injection, where malicious instructions in chat messages could influence agent behavior.
    • Ingestion points: Message content is retrieved and printed by query_current_history.py (line 99) for the agent to process.
    • Boundary markers: Absent. The skill does not delimit the retrieved text or instruct the agent to ignore instructions embedded in it.
    • Capability inventory: While not defined in this skill, the agent environment typically includes file-system access and shell execution capabilities.
    • Sanitization: The script does not perform sanitization, filtering, or escaping of the message content before it enters the agent's context.
  • [SAFE]: The skill uses a local session token stored in a JSON file to authenticate with a local bridge API (127.0.0.1), which is a standard and safe practice for local tool integration.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 09:41 AM