ljg-roundtable
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute a shell command (date +%Y%m%dT%H%M%S) to generate a timestamp for naming output files saved to the local filesystem.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted user input to define the roundtable topic, which then drives the agent's behavior.
  - Ingestion points: User input for the roundtable topic (議題) is captured and processed in SKILL.md (Step 2).
  - Boundary markers: No explicit delimiters, such as XML tags or markdown blocks with 'ignore embedded instructions' warnings, are used when interpolating the topic into participant prompts.
  - Capability inventory: The skill has the ability to write files to the local system (~/Documents/notes/) and execute shell commands (date).
  - Sanitization: There is no evidence of input validation or character filtering for the user-provided topic before it is used in system interactions or file path construction.
- [COMMAND_EXECUTION]: The skill constructs file paths for export using a user-controlled keyword ({议题关键词}). This presents a path traversal risk, potentially allowing a user to specify a topic containing characters like '../' to write data to unintended locations or overwrite system files, depending on the tool execution environment's safety constraints.
Audit Metadata