ljg-explain-concept
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [Command Execution] (HIGH): The skill instructs the agent to execute the shell command `date +%Y%m%dT%H%M%S` and to write files to a specific path. The command itself is routine, but combining shell execution and file writing with untrusted input is dangerous.
- [Indirect Prompt Injection] (HIGH): The skill exhibits high-risk vulnerability surface patterns:
  - Ingestion points: the user-provided concept (`{概念名}`, "concept name") is ingested directly into the workflow (file: SKILL.md).
  - Boundary markers: no delimiters or instructions tell the agent to treat the user input as data rather than as potential code or commands.
  - Capability inventory: the skill can run subprocesses (shell commands) and write files into the user's home directory (`~/Documents/notes/`).
  - Sanitization: there is no evidence that the user input is sanitized or validated before it is used to construct a filename or a shell command.
  - Risk: a malicious user could supply an input such as `; rm -rf ~ ;` as the concept; depending on how the agent's tool layer runs the command, this could be executed directly or cause destructive file operations.
- [Dynamic Execution] (MEDIUM): The skill constructs a file path and a shell command string at runtime from user input, which is the prerequisite for an injection attack.
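The pattern the findings describe, as an added example written for this page (it is not code from the ljg-explain-concept skill or from the Gen Agent Trust Hub audit): a vulnerable shell-string builder beside a hardened version that validates the concept name against an allow-list, confines the resulting path to the notes directory, and avoids the shell entirely. The exact shape of the skill's command, the Python function names, and the sample payloads are assumptions; only the `date +%Y%m%dT%H%M%S` command, the `~/Documents/notes/` path, the `{概念名}` placeholder and the `; rm -rf ~ ;` payload come from the audit text.

```python
"""Hypothetical model of the audited pattern, written as an added example.
Not code from the ljg-explain-concept skill or from the audit. Assumed (not
on the page): the skill derives a filename from `date +%Y%m%dT%H%M%S` and the
concept name, then writes it under ~/Documents/notes/. Names are illustrative."""
import re
import subprocess
from datetime import datetime
from pathlib import Path
from typing import Optional

NOTES_DIR = Path.home() / "Documents" / "notes"  # path named in the finding


def unsafe_command(concept: str, notes_dir: Path = NOTES_DIR) -> str:
    """VULNERABLE: the concept is spliced verbatim into a shell string.
    Run through `sh -c`, a value such as '; rm -rf ~ ;' terminates the
    echo command and the remainder executes. Returned, never run, here."""
    return (f'echo "# {concept}" > '
            f'{notes_dir}/$(date +%Y%m%dT%H%M%S)-{concept}.md')


# Allow-list for the concept: word characters in any script (\w covers CJK
# such as 概念名 in Python 3), hyphen and space. No ';', '/', '.', '$', '~',
# quotes or newlines, so neither shell metacharacters nor path separators
# and traversal sequences can get through.
CONCEPT_RE = re.compile(r"[\w\- ]{1,64}")


def sanitize_concept(concept: str) -> str:
    """Validate the user-supplied concept before it touches a path or argv."""
    concept = concept.strip()
    if not CONCEPT_RE.fullmatch(concept):
        raise ValueError(f"rejected concept name: {concept!r}")
    return concept.replace(" ", "-")


def timestamp_via_date() -> str:
    """If the skill really must call date(1): argv as a list, no shell=True,
    and the user input is never part of argv in the first place."""
    out = subprocess.run(["date", "+%Y%m%dT%H%M%S"],
                         check=True, capture_output=True, text=True)
    return out.stdout.strip()


def safe_note_path(concept: str, notes_dir: Path = NOTES_DIR,
                   now: Optional[datetime] = None) -> Path:
    """Build the note path without a shell: same format as the date command,
    then confirm the resolved path still sits directly under notes_dir."""
    stamp = (now or datetime.now()).strftime("%Y%m%dT%H%M%S")
    root = notes_dir.resolve()
    path = (root / f"{stamp}-{sanitize_concept(concept)}.md").resolve()
    if path.parent != root:  # defence in depth behind the allow-list
        raise ValueError(f"path escaped notes directory: {path}")
    return path


def write_note(concept: str, body: str, notes_dir: Path = NOTES_DIR) -> Path:
    """Hardened writer: validated name, confined path, no subprocess."""
    path = safe_note_path(concept, notes_dir)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(f"# {concept.strip()}\n\n{body}\n", encoding="utf-8")
    return path


def demo() -> dict:
    """Exercise the hardened writer in a throwaway directory with one
    legitimate concept and the (constructed) payloads a reviewer would try."""
    import tempfile
    payloads = ["; rm -rf ~ ;", "../../.bashrc", "$(date)", "a/b", "x\ny"]
    with tempfile.TemporaryDirectory() as d:
        notes = Path(d)
        written = write_note("概念名", "constructed sample body", notes)
        rejected = []
        for bad in payloads:
            try:
                write_note(bad, "constructed sample body", notes)
            except ValueError:
                rejected.append(bad)
        return {
            "written_name_ok": written.name.endswith("-概念名.md"),
            "rejected": rejected,
            "files_created": len(list(notes.iterdir())),
        }


if __name__ == "__main__":
    # Show (do not execute) what the vulnerable string becomes with the
    # payload from the finding, then run the hardened path.
    print(unsafe_command("; rm -rf ~ ;"))
    print(demo())
```

The allow-list is the data/command boundary the audit says is missing: the agent's tool layer should apply it before the concept reaches any subprocess or path API, not rely on the model to notice a hostile value. Where a shell call is unavoidable, pass argv as a list and never use `shell=True`; the timestamp here is produced in-process precisely so that no shell is involved at all.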
Recommendations
- AI detected serious security threats