publish-weekly

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION)
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The skill allows reading arbitrary files from the local filesystem through the filename input parameter. There is no evidence of path sanitization or restriction to a specific directory.
  • Evidence (Ingestion): File SKILL.md defines an input filename which is used to read content from the working directory.
  • Evidence (Exfiltration): The content of the file specified by filename is subsequently sent to an external REST endpoint {BASE_URL}/api/weekly via a POST or PATCH request.
  • Risk: An attacker could provide a path like ../../.env or ~/.ssh/id_rsa to read and upload sensitive credentials to the CMS.
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external content (local markdown files) and possesses high-privilege capabilities (network write operations).
  • Ingestion points: The (unknown) parameter in SKILL.md triggers the reading of external file content.
  • Boundary markers: None. The content is read and mapped directly to the content field of the JSON payload.
  • Capability inventory: The skill performs GET, POST, and PATCH requests to an external API and writes response logs to the local disk (published/{week_id}.json).
  • Sanitization: No sanitization or validation of the file content is mentioned before it is processed or sent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:20 AM