xianyu_accounts
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `bash` commands that interpolate user-provided input directly into the command line (e.g., `--cookie "用户提供的cookie"`). This pattern is vulnerable to command injection if the input contains shell-sensitive characters like backticks, semicolons, or dollar signs.
- [CREDENTIALS_UNSAFE]: Sensitive session cookies are passed as plain-text command-line arguments to the `src.cli` module. This practice is insecure as command-line arguments are often visible to other users and processes via system monitors or logged in process histories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by accepting raw strings from the user and placing them into an executable shell context.
  - Ingestion points: User-provided strings for the `--cookie` command-line argument in `SKILL.md`.
  - Boundary markers: No boundary markers or 'ignore' instructions are present to delimit the user data from the command structure.
  - Capability inventory: Use of the `bash` tool to execute Python CLI scripts in the workspace directory.
  - Sanitization: The skill lacks instructions for the agent to sanitize or validate the format of the provided cookie before command execution.