market-research-html
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. 1. Ingestion points: Untrusted external data is ingested through the 'research-lookup' tool during the data collection phase (SKILL.md). 2. Boundary markers: Absent; the skill lacks explicit delimiters or instructions to ignore embedded commands in the retrieved research content. 3. Capability inventory: The agent has 'Bash', 'Write', and 'Edit' permissions, allowing it to execute local scripts and modify the file system based on processed data. 4. Sanitization: Absent; external content is interpolated directly into report chapters and passed as arguments to Python scripts.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the 'Bash' tool to execute local Python scripts ('generate_market_visuals.py'). There is a risk of command injection if the '[市场名称]' (Market Name) topic, which is passed as a command-line argument, is derived from untrusted input without proper escaping.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill requires and executes local Python scripts that are referenced but not provided in the source files. While they are local, their execution via Bash with untrusted parameters presents a blind spot in the analysis.
Recommendations
- AI detected serious security threats
Audit Metadata