Skills
skills/coooolfan/unirhy/serverchan/Gen Agent Trust Hub

serverchan

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs outbound network operations to a non-whitelisted third-party domain.
  • Evidence: In scripts/send.py, the script constructs a POST request to https://{user_id}.push.ft07.com/send/{key}.send to transmit the notification payload.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted data for notification delivery.
  • Ingestion points: The script scripts/send.py accepts title and desp (description) via command-line arguments (sys.argv).
  • Boundary markers: None identified; the payload is interpolated directly into the request data.
  • Capability inventory: The skill has outbound network POST capabilities via the urllib.request module.
  • Sanitization: The data is URL-encoded for transport, but there is no validation or sanitization of the content to prevent the transmission of malicious instructions or sensitive information handled by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 02:31 AM