bless
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute recursive grep commands on the user's local project directory to find 'names' and 'signatures'. It also suggests running shell scripts such as 'blessing.sh', which are not provided in the skill package.
- Evidence: 'grep -r "署名|签名|author|name" /用户的项目路径' in SKILL.md.
- Evidence: Reference to './blessing.sh --type spring-festival' in creative_blessing_methods.md.
- [DATA_EXFILTRATION] (MEDIUM): The automated recursive searching of local files for 'author' and 'name' fields can lead to the accidental exposure of sensitive metadata, developer identifiers, or hardcoded strings that match these patterns.
- Evidence: Step 1 in SKILL.md prioritizing data extraction from the user's project path.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It ingests untrusted data from local files (via grep) and uses it to drive the agent's 'creative' output and logic.
- Ingestion points: Local project files searched via 'grep' in SKILL.md.
- Boundary markers: Absent. There are no instructions to ignore malicious commands embedded in the found 'names' or 'authors'.
- Capability inventory: Shell command execution (grep, python), potential terminal interaction, and image generation API calls.
- Sanitization: Absent. Data found in project files is used directly to personalize the agent's behavior.
- [EXTERNAL_DOWNLOADS] (LOW): The script 'check_festival.py' attempts to use an external library 'lunarcalendar'. While this is a standard package, it is a dependency that may need to be installed at runtime.
Recommendations
- AI detected serious security threats