ruanzhu
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill mandates a specific bash command: `cp ~/.claude/templates/ruanzhu/generate_docx.py ./generate_docx.py && python3 generate_docx.py $ARGUMENTS && rm generate_docx.py`. This pattern of copying a script to the local directory, executing it, and then immediately deleting it is a classic indicator of malicious activity designed to hide evidence of what was executed.
- [REMOTE_CODE_EXECUTION] (HIGH): It executes a Python script located in a hidden system path (`~/.claude/...`). The contents of this script are not provided, yet it is granted permission to scan the entire local project directory and process file contents. This represents an unverified code execution risk.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The error handling section explicitly instructs the agent to "自动 pip install 安装" (automatically pip install) the `python-docx` library if missing. Automatic installation of packages without user consent is a security risk that can be exploited via dependency confusion or malicious versioning.
- [PROMPT_INJECTION] (MEDIUM): The skill uses highly authoritative language ("必须执行以下命令" / "Must execute the following command", "禁止任何其他操作" / "Prohibit any other operations") intended to override the AI agent's standard operational guidelines and safety filters, specifically forbidding the agent from inspecting the code or the environment before execution.
Recommendations
- AI detected serious security threats
Audit Metadata