vibe-writer
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates an attack surface for indirect prompt injection via its research and memory features.
- Ingestion points: Untrusted content is ingested during 'Step 2: 深度调研' (Research) using external search tools (Tavily, Exa, Google) and from user-provided topics.
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded in the research data or user inputs.
- Capability inventory: The agent has the ability to write to the local file system (
memory/preferences.md) and call external skills (baoyu-skills,image-generator). - Sanitization: No evidence of sanitization or validation of external data before it is processed or stored in the 'memory' file.
- [Data Exposure & Exfiltration] (SAFE): The skill manages a local memory file (
memory/preferences.md) to store user preferences. It does not attempt to access sensitive system files (e.g., SSH keys, credentials) or exfiltrate data to unauthorized domains. - [External Downloads] (SAFE): The skill references standard external search APIs and helper skills for image generation. These are consistent with its primary purpose as a content creator.
Audit Metadata