ljg-plain
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the local file system to write generated content to the ~/Documents/notes/ directory as part of the 'Denote 文件规范' (Denote file specification) requirement.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: Data is ingested via WebFetch (URLs) and Read (file paths) as described in the '执行' (Execution) section.
  2. Boundary markers: There are no explicit delimiters or instructions to treat external data as untrusted or to ignore embedded commands.
  3. Capability inventory: The skill has file-write capabilities to the ~/Documents/notes/ directory.
  4. Sanitization: No sanitization or validation of the ingested content is performed before the model processes it for simplification.
Audit Metadata