aippt
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation in
05_图床上传方法.mdandtips/image-upload.mdcontains a hardcoded API key (6d207e02198a847aa98d0a2a901485a5) for thefreeimage.hostAPI. Providing functional credentials in plaintext within skill files is a significant security risk. - [DATA_EXFILTRATION]: The skill's instructions and example commands in
05_图床上传方法.mdandtips/image-upload.mddirect the agent to upload local image files to public third-party services includingfreeimage.host,catbox.moe, andlitterbox.catbox.moe. These domains are not on the permitted whitelist and could lead to the exposure of sensitive user data to external platforms. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted user data (article text and presentation templates) and interpolates it into prompts for AI image generation models. Ingestion points: Data enters the system via content provided in
03_内容分段方法.mdand04_内容映射方法.md. Boundary markers: The prompt templates in02_PPT模板分析方法.mdand04_内容映射方法.mdutilize markers such as【不可改区域】and【生成指令】to attempt to isolate instructions from data, though these are not definitive security boundaries. Capability inventory: The skill usescurlfor network requests to external APIs and a Node.js script (scripts/images2pptx.js) for local file system manipulation and PPTX generation. Sanitization: There is no evidence of input validation, filtering, or escaping for user-provided content before it is processed in the AI prompt pipeline.
Recommendations
- AI detected serious security threats
Audit Metadata