dify-docs-feature-research

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands including git fetch, git checkout, and git pull to synchronize the local codebase, as well as gh issue list and gh search to retrieve community feedback. These operations are transparently defined in SKILL.md and are necessary for the skill's documented research purpose.
  • [DATA_EXFILTRATION]: Network activity is performed through git and gh targeting github.com. These operations are limited to fetching publicly available code and issue metadata from the vendor's repository (langgenius/dify). No sensitive user data or local secrets are transmitted.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external data from GitHub issues and discussions.
      1. Ingestion points: Community feedback retrieved via the gh tool in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Execution of shell commands (git, gh) as defined in SKILL.md.
      4. Sanitization: Absent.
    Although the surface exists, the risk is negligible as the data is used solely for descriptive synthesis and is not interpolated into dangerous command arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 06:58 AM