reflection-writer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill has a large attack surface as it processes untrusted external content without security boundaries.
  • Ingestion points: The skill reads arbitrary file formats (txt, pdf, md, screenshots) from the sparks/ directory.
  • Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded commands when analyzing source materials.
  • Capability inventory: The skill accesses sensitive context in the references/ folder (e.g., longge_company.md) and writes the final output to idea.md.
  • Sanitization: Absent; the AI is encouraged to 'understand the author' and their 'implicit assumptions,' making it prone to following instructions hidden within the text.
  • Data Exposure (MEDIUM): The access to the references/ folder allows the skill to utilize sensitive organizational context. While necessary for the feature, the lack of input isolation means this data could be exposed in the dialogue or final document if an injection occurs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:11 AM