get-review-theme
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data from external sources, including URLs, PDF files, and Word documents. This introduces a potential surface for indirect prompt injection where malicious instructions could be embedded in the processed content. To mitigate this, the skill utilizes structured prompt templates in
references/prompt_templates.mdthat employ clear boundary markers like【输入内容】to separate external data from the agent's instructions. - [COMMAND_EXECUTION]: The
SKILL.mdfile contains instructions for the agent to use the GitHub CLI (gh) and a bug-tracking utility (bensz-collect-bugs) to report design flaws to a specific repository (huangwb8/bensz-bugs). These operations are explicitly scoped to the author's own infrastructure for maintenance purposes and do not involve arbitrary command execution or unauthorized access. - [DATA_EXFILTRATION]: While the skill reads local files and interacts with web URLs, these actions are essential to its primary function of theme extraction. The bug reporting mechanism involves sending data to a remote repository, but this is restricted to bug logs and is triggered by specific development conditions or user requests, representing standard vendor-aligned functionality.
Audit Metadata