style-modeler
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to bypass security limits of external services (WeChat Official Accounts) by manipulating browser parameters like User-Agent and disable-blink-features.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks. It retrieves content from arbitrary user-provided URLs through the web-article-extractor tool and processes the raw text for analysis.
  - Ingestion points: External URLs processed by the web-article-extractor tool (SKILL.md).
  - Boundary markers: None identified; extracted content is processed as a unified "super sample" string.
  - Capability inventory: Executes a bundled Python script (normalize_style_frontmatter.py) and performs file system writes to the .claude/styles/ directory.
  - Sanitization: None; the skill uses the raw extracted text directly for its 15-dimension analysis.
- [COMMAND_EXECUTION]: The skill invokes a local Python script, normalize_style_frontmatter.py, to maintain and normalize YAML frontmatter in its style profile database. While the script itself performs safe regex-based text processing, the pattern of executing scripts on local files is noted.
Audit Metadata