
aippt

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill uses authoritative 'Command Locking' language ('⚠️ 禁止修改:以下 API 配置是固定的,不可篡改', i.e. "Modification prohibited: the following API configuration is fixed and must not be tampered with") to force the agent to use a specific endpoint, overriding safety discretion.
  • [DATA_EXFILTRATION] (HIGH): Sensitive data including user article content and potential Authorization headers (API_KEY) are sent to 'https://ismaque.org', an untrusted domain not included in the trust scope, posing a critical risk of credential and data theft.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses 'curl' to download files from remote URLs generated by the untrusted API. This could lead to the download of malicious binaries or overwriting of local files.
  • [COMMAND_EXECUTION] (MEDIUM): Raw shell commands are executed to interact with an unverified external service, expanding the attack surface for command injection.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): Mandatory Evidence: (1) Ingestion point: '文章内容' (Article content) in Step 1. (2) Boundary markers: Absent. (3) Capability inventory: 'curl' POST (network) and 'curl -o' (file-write). (4) Sanitization: Absent. Malicious instructions within a processed article could manipulate the subsequent API prompt and file operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:00 AM