an-jian
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted code from external skills for auditing purposes. \n
- Ingestion points: External skill files are read at paths provided via the /安检 or /security commands. \n
- Boundary markers: Absent; the instructions do not require the use of delimiters or warnings to ignore embedded instructions when reading target files. \n
- Capability inventory: The skill has file-writing and modification capabilities through its 'auto-fix' mechanism and manual remediation phase. \n
- Sanitization: Absent; no escaping or sanitization of ingested content is performed before the agent evaluates it for risks. \n- [SAFE]: Heuristic detections for fork bombs, reverse shells, and destructive system commands are confirmed as false positives. \n
- Evidence: Malicious patterns such as ':(){ :|:& };:', 'nc -e /bin/sh', and 'rm -rf /' are included in SKILL.md and rules/dangerous-patterns.md solely as reference signatures for the skill's security scanning functionality and are not active or executed.
Audit Metadata