article-analyzer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze external articles, which are untrusted data sources.
      • Ingestion points: Processes external text provided in the 'analysis' workflow.
      • Boundary markers: Absent. There are no instructions to wrap the article content in delimiters or to ignore embedded instructions within the source text.
      • Capability inventory: The skill has file-writing capabilities (creating analysis.md) and network search capabilities (fact-checking).
      • Sanitization: Absent. The skill does not specify any validation or filtering of the article content before it is processed by the LLM.
  • [Command Execution] (LOW): The skill performs file system operations.
      • Evidence: It explicitly instructs the agent to save results to analysis.md in specific directories. While this is the intended functionality, an indirect prompt injection could potentially manipulate the path or content of these files if not properly constrained.
  • [Data Exfiltration] (LOW): The fact-checking feature requires network access.
      • Evidence: The '联网检索要求' (Network Search Requirements) section allows the agent to perform searches based on article content. A malicious article could craft specific 'facts' that, when 'verified' by the agent, leak parts of the prompt or previous context to a search engine or an attacker-controlled domain.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:26 AM