analyze-tech
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves data from external websites using WebSearch and WebFetch and then interpolates that untrusted content into the prompts of five parallel sub-agents.
  * Ingestion points: Untrusted web content and search snippets entering the context in Phase 1 and Phase 2.
  * Boundary markers: The skill uses simple text markers like '【技术快照】' but does not provide explicit 'ignore instructions' delimiters to prevent the model from obeying commands hidden in the fetched data.
  * Capability inventory: The skill has permission to use the 'Write' tool, meaning a successful injection could lead to unauthorized file system modifications or data corruption in the generated report.
  * Sanitization: There is no evidence of content sanitization, escaping, or validation of the retrieved web data before it is processed.
- [COMMAND_EXECUTION]: The skill requests the 'Bash' tool in its 'allowed-tools' metadata but does not invoke it in any of the logic phases. This constitutes over-permissioning and violates the principle of least privilege.
Audit Metadata