xhs-copywriter
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection because it ingests external untrusted content and has file-write capabilities. Ingestion points: Reads from '待优化笔记/content.txt' and user input (workflow/step1-读取输入.md). Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompts. Capability inventory: Modifies the file 'D:\自动化\自动发布\素材\content.txt' (workflow/step6-质量自检.md). Sanitization: No sanitization or validation of the input content is performed.
- File System Access (LOW): The skill hardcodes an absolute Windows file path ('D:\自动化\自动发布\素材\content.txt') for its output in 'SKILL.md' and 'workflow/step6-质量自检.md'. Overwriting files at fixed paths without validation is a security risk that can be exploited if the environment is not properly restricted.
Recommendations
- AI detected serious security threats
Audit Metadata