text-truncator
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user data via the '文本内容' field. Malicious instructions embedded in the input text could potentially influence the agent's behavior because the instructions do not specify the use of boundary markers or sanitization.
- Evidence: 1. Ingestion points: '文本内容' parameter in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: No tools or code execution capabilities defined. 4. Sanitization: No input validation or filtering logic provided.
- No Code (SAFE): The skill consists entirely of markdown instructions and metadata. It does not include scripts, package manifests, or external executable dependencies, which eliminates most common attack vectors like RCE or persistence.
Audit Metadata