zhang-yiming-perspective
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and research files confirms no presence of malicious logic, credential harvesting, or unauthorized network operations.
- [PROMPT_INJECTION]: The skill's workflow includes ingesting untrusted data through web searches to provide factual grounding. While this presents an indirect prompt injection surface, the risk is inherent to search-augmented functionality and the skill contains no logic that would escalate these inputs to dangerous capabilities. 1. Ingestion points: Web search results (SKILL.md, Step 2). 2. Boundary markers: Absent. 3. Capability inventory: WebSearch tool. 4. Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: The skill includes installation instructions via 'npx' targeting the author's own software repository, which is a standard distribution method for this vendor and presents no evidence of typosquatting or malicious intent.
Audit Metadata