scratchpad
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a workflow for creating files and executing them using system interpreters like Python and Bash.
  - Evidence: Workflow examples in SKILL.md describe writing to local temporary directories (e.g., E:/.llm/tmp_*) and executing the generated files.
- [PROMPT_INJECTION]: The skill establishes an execution surface for untrusted data by instructing the agent to test and verify code snippets derived from user input.
  - Ingestion points: User requests containing phrases like '试一下' (Try it out) or '验证一下' (Verify it).
  - Boundary markers: The agent is instructed to use specific markers such as [进入 Scratchpad 模式] (Enter Scratchpad mode) and [退出 Scratchpad 模式] (Exit Scratchpad mode) to delimit the testing environment.
  - Capability inventory: The skill uses the tmpfile-server MCP tool suite (temp_write, temp_read, etc.) and system command execution.
  - Sanitization: The instructions do not specify any validation or sanitization of user-provided code before it is written and executed.