humanizer-zh
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The installation instructions (Methods 1 and 2) direct the user to download and install a skill from `https://github.com/op7418/Humanizer-zh.git`. This repository and user are not on the list of trusted sources.
  - Evidence: `npx skills add https://github.com/op7418/Humanizer-zh.git` and `git clone https://github.com/op7418/Humanizer-zh.git` in the Installation section.
- [PROMPT_INJECTION] (MEDIUM): The skill is identified as an 'Indirect Prompt Injection' surface because its primary function is to process untrusted external text (AI-generated content) and reformat it for the agent's output. Malicious instructions could be embedded in the text being 'humanized'.
  - Ingestion points: User-pasted text and local file content (e.g., `/humanizer-zh article.md`).
  - Boundary markers: Not specified in the documentation.
  - Capability inventory: The skill re-reads and rewrites content, potentially influencing the agent's logic or downstream tasks.
  - Sanitization: No sanitization or filtering of the processed content is mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata