ai-article
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and local files. 1. Ingestion points: Untrusted content is read from the user-provided
./sucai.mdfile and through theweb_searchtool during the information gathering phase. 2. Boundary markers: The instructions lack explicit delimitation or sanitization rules for identifying and ignoring instructions embedded within the processed data. 3. Capability inventory: The skill utilizes subprocess execution for thedatecommand and has write access to a specific local directory (docs/src/sidebar/itwanger/ai/). 4. Sanitization: No input validation or filtering of external content is specified in the workflow. - [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute the
datecommand via bash to provide a temporal context for search queries and article metadata.
Audit Metadata