Skills
skills/lijigang/ljg-skill-xray-skill/ljg-xray-skill/Gen Agent Trust Hub

ljg-xray-skill

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the shell command date to generate timestamps for Denote-style file naming and internal document metadata.
  • [COMMAND_EXECUTION]: Executes grep to extract headers from the local file ~/Documents/know/issues.org to identify active discussion points for its cognitive baseline.
  • [EXTERNAL_DOWNLOADS]: Utilizes a WebFetch mechanism to retrieve content from external URLs provided by the user for dissection.
  • [PROMPT_INJECTION]: Subject to Indirect Prompt Injection (Category 8). Ingestion points: Reads external skill definitions from ~/.claude/skills/ and arbitrary web content via WebFetch. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing external content. Capability inventory: Executes shell commands (date, grep), reads personal knowledge files, and writes reports to the local filesystem. Sanitization: No validation or filtering of the fetched external content is performed before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 10:39 AM