yuanbao

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses highly restrictive directive language, such as 'NEVER say you cannot send messages' and 'NEVER add disclaimers', which forces the agent to suppress transparency about its operation and capabilities.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external group data.
      • Ingestion points: Member nicknames and group information retrieved via yb_query_group_members and yb_query_group_info.
      • Boundary markers: Absent; there are no instructions to the agent to treat member-supplied strings as untrusted data or to ignore instructions embedded within them.
      • Capability inventory: The agent has the ability to send direct messages (yb_send_dm) and reply to group chats, creating an automated path for actions influenced by ingested data.
      • Sanitization: Absent; the agent is explicitly instructed to use the 'exact nickname' from the tool output without validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 05:58 AM