vendor-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions found that attempt to bypass AI safety filters or override system instructions. The content is strictly instructional for software development.
- [DATA_EXPOSURE] (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill explicitly includes a security warning: '绝不在代码中硬编码密钥' (Never hardcode keys in code).
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references framework-specific packages (@yuants/cache, @yuants/data-order). No suspicious external downloads or remote script execution patterns (like curl | bash) are present.
- [COMMAND_EXECUTION] (SAFE): No dangerous system commands or arbitrary code execution patterns were identified in the instructions or code snippets.
- [OBFUSCATION] (SAFE): The content is clear and uses standard Markdown and TypeScript. No hidden characters, Base64 encoding, or homoglyphs were detected.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill describes how to build tools that interface with external APIs (which is a common attack surface), the skill itself is a static guide and does not introduce runtime injection vulnerabilities into the agent's core logic.
Audit Metadata