ljg-learn
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to run the 'date' shell command to generate a timestamp for file naming.
- [COMMAND_EXECUTION]: The skill requires writing generated reports to the local file system at '~/Documents/notes/', which is a sensitive capability.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: The '{概念名}' (concept name) variable is directly controlled by the user.
  - Boundary markers: The instructions lack boundary markers or specific guidance to treat user input as non-executable data.
  - Capability inventory: The agent has shell execution and file writing permissions in the local environment.
  - Sanitization: There is no requirement for the agent to sanitize or validate the user-provided concept name before incorporating it into a file path or shell context, potentially allowing for path traversal or command injection.
Audit Metadata