ljg-travel
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The workflow ingests untrusted data from various web platforms (Bilibili, Zhihu, WeChat) and processes it to generate structured notes. While this creates a potential attack surface, the risk is negligible given the descriptive travel context.
- Ingestion points: Results from the
ResearchandContentAnalysistools across multiple external platforms (SKILL.md). - Boundary markers: The skill does not define specific delimiters to isolate external content within the generated org-mode document.
- Capability inventory: The agent has the ability to write files to the
~/Documents/notes/directory and generate images using theljg-cardtool. - Sanitization: No explicit technical sanitization or escaping of external content is described beyond quality-control instructions to avoid invented content.
Audit Metadata