qiaomu-opencli-autofix
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill instructs the agent to read and analyze untrusted content from external websites to perform repairs.
- Ingestion points: The agent reads 'page.snapshot' (DOM content) and 'networkRequests' (API data) from 'diagnostic.json' which are populated from arbitrary target websites.
- Boundary markers: Absent. There are no instructions or delimiters used to separate untrusted website content from the agent's core instructions.
- Capability inventory: The agent has access to 'Bash' (opencli suite), 'Read', 'Edit', and 'Write' tools, allowing it to modify and execute local source code.
- Sanitization: Absent. No validation or filtering is performed on the ingested website content before analysis.
- [COMMAND_EXECUTION]: The skill facilitates the automated modification of local TypeScript adapter files based on external data analysis. This creates a risk where a malicious website could influence the agent to write and subsequently execute harmful code within the local development environment.
Audit Metadata