copy-assistant

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it passes untrusted user text to external AI models and search tools without isolation or sanitization, so maliciously crafted input could influence the behavior of the model or the search tool. (1) Ingestion points: the 'text' parameter of the handler functions in both scripts/ai_writer.py and scripts/ai_writer_zhipu.py accepts untrusted data. (2) Boundary markers: no delimiters or isolation markers are used when embedding user text into prompts for the Zhipu API. (3) Capability inventory: the skill can make network requests via the requests library and invoke the 'aisearch-mcp-server__chatCompletions' search tool. (4) Sanitization: no logic filters or validates user instructions within the input text.
  • [DATA_EXFILTRATION]: The skill transmits user-provided content to external endpoints, including the Zhipu GLM-4 API and the configured search tool. This behavior exposes any sensitive information included in the text to these third-party providers.
  • [EXTERNAL_DOWNLOADS]: The implementation in scripts/ai_writer_zhipu.py depends on the external 'requests' library and references a local 'src.config' module that is expected to exist in the environment's parent directory structure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 07:09 AM