business-card-intake
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection via OCR data ingestion.
  * Ingestion points: Untrusted text is extracted from business card images located in 商务/图/未处理名片.
  * Boundary markers: The skill documentation does not specify the use of delimiters or validation to prevent OCR text from being interpreted as instructions.
  * Capability inventory: The skill moves and renames files and creates markdown notes, which are capabilities that can be exploited if the agent follows instructions embedded in the card text.
  * Sanitization: No sanitization or escaping mechanisms are described for the extracted names before they are used to generate file paths or note content.
- COMMAND_EXECUTION (LOW): Risk of local command injection through generated shell scripts.
  * Evidence: The skill generates an undo shell script (card_intake_undo_...sh) that contains commands to move and rename files. If the OCR-detected names used in this script contain shell metacharacters (e.g., semicolons, pipes, or backticks), running the script could result in arbitrary command execution on the user's system.
Audit Metadata