yuque-document-management
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The yuque-document-management skill (SKILL.md) processes external content via mcp_YuQueMCP_get_document. This creates a vulnerability where malicious document content could hijack the agent's logic to execute destructive tools.
  - Ingestion points: mcp_YuQueMCP_get_document in SKILL.md.
  - Boundary markers: None identified.
  - Capability inventory: delete_document, update_document, move_document in SKILL.md.
  - Sanitization: None identified.
- Command Execution (MEDIUM): The web-artifacts-builder and webapp-testing components execute shell commands and manage server lifecycles through scripts like scripts/init-artifact.sh and scripts/with_server.py. Specifically, with_server.py executes user-provided strings as shell commands to start servers.
- External Downloads (MEDIUM): The slack-gif-creator and web-artifacts-builder skills trigger runtime installation of multiple Python and Node.js packages (e.g., pillow, imageio, parcel, html-inline), which could lead to supply chain attacks if dependencies are compromised.
- Dynamic Execution (MEDIUM): web-artifacts-builder utilizes Parcel to bundle code into self-contained HTML artifacts, involving runtime asset processing and inlining.
Recommendations
- AI detected serious security threats
Audit Metadata