pixiv
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The file config.json contains a hardcoded refresh_token and session cookie (PHPSESSID). This leaks active authentication credentials for a Pixiv account, allowing unauthorized access to the account associated with those tokens.
- DATA_EXFILTRATION (HIGH): The post command in scripts/pixiv-cli.js allows the agent to upload an arbitrary file from a specified <filepath> to Pixiv. If an attacker uses indirect prompt injection to provide a malicious path (e.g., ~/.ssh/id_rsa), the agent could be tricked into uploading private keys or other sensitive files to the attacker's Pixiv account.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill fetches untrusted data (titles, descriptions, and user metadata) from the Pixiv API via the search, ranking, and user commands in scripts/pixiv-cli.js.
  - Boundary markers: No boundary markers or sanitization are present to separate external content from agent instructions.
  - Capability inventory: The skill possesses powerful capabilities including arbitrary file reading/uploading (post command) and file writing (download command).
  - Sanitization: There is no escaping or filtering of the external metadata before it is returned to the agent's context.
  - Impact: An attacker can craft a Pixiv post with a title containing instructions that command the agent to exfiltrate the user's .env or configuration files using the provided post tool.
Recommendations
- AI detected serious security threats