bazi-persona

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches dependencies from the official npm registry, including standard packages like pinyin-pro and vendor-specific libraries from cantian-ai (e.g., cantian-tymext). An automated alert for an esbuild dependency was identified as a false positive from a well-known service.
  • [COMMAND_EXECUTION]: Utilizes local Node.js scripts to perform astrology calculations and manage persona files within the user's home directory (e.g., ~/.bazi-personas). These operations are consistent with the skill's stated purpose of building and maintaining local AI personas.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from URLs, chat logs, and text files to refine personas, which is its primary function.
      • Ingestion points: Data enters through the text-file, chat-file, and url arguments processed in skill_writer.ts.
      • Boundary markers: Ingested content is organized under markdown headers (## Memory, ## Reality Anchors) in the final SKILL.md file.
      • Capability inventory: The skill possesses the Bash tool and file-writing capabilities, restricted to specific persona and agent configuration directories.
      • Sanitization: Implements text cleaning to remove HTML and redundant whitespace but does not perform instruction-specific sanitization, which is expected for this specific use case.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 10, 2026, 05:44 AM