zhouyi-divination
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill specifies mandatory file operations on hardcoded absolute paths, including reading from the local workspace and writing to an iCloud-synced directory (~/Library/Mobile Documents/...), which involves automated data handling on the host system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted data from 'mingzhu.md' without using boundary markers or sanitization to prevent embedded instructions from overriding the agent's core divination logic. Ingestion point: 'mingzhu.md'; Capabilities: Local file write; Sanitization: Absent.
- [NO_CODE]: No executable scripts, binaries, or third-party packages are present in the skill, which mitigates risks associated with remote code execution or malicious dependencies.
Audit Metadata