learn
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands (
date/Get-Date) to generate formatted timestamps for use in note metadata and filenames. - [COMMAND_EXECUTION]: The skill executes directory creation commands (
mkdir -p/New-Item) to prepare the local filesystem for note storage at~/Documents/notes. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-provided content is interpolated into file system paths.
- Ingestion points: User input for the concept name (
{概念名}) is directly used to generate a filename inSKILL.md. - Boundary markers: No delimiters or ignore-instructions are specified to protect the filesystem path from malicious user input.
- Capability inventory: The skill possesses directory creation and file writing capabilities.
- Sanitization: No sanitization or validation of the user-provided concept name is performed prior to its use in the file system operations.
Audit Metadata