dsoftbus_safety_guard

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW
COMMAND_EXECUTION
Full Analysis

The skill consists of a main markdown file (SKILL.md) and a supplementary documentation file (references/security_rules_explained.md).

SKILL.md Analysis:

  • Metadata Poisoning: The skill's name and description are benign and accurately reflect its purpose. No malicious instructions were found in the metadata.
  • Prompt Injection: No prompt injection patterns (e.g., 'IMPORTANT: Ignore', 'Override') were detected. The use of '⚠️ 重要' (Important) is for emphasis in a benign, instructional context.
  • Data Exfiltration: The skill explicitly states it is a '只读审查工具' (read-only review tool) and '不修改任何源文件' (does not modify any source files). It describes generating reports to a local directory (d:/code-review-YYYYMMDD-HHMMSS/). No sensitive file paths are accessed, and no network operations to non-whitelisted domains are indicated.
  • Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, etc.) were found.
  • Unverifiable Dependencies: The skill describes using existing tools like git status, Grep, and Glob for analysis. It does not instruct the agent to install any external packages or download code from untrusted sources. These tools are standard and used in a read-only manner.
  • Privilege Escalation: No commands indicating privilege escalation (e.g., sudo, chmod 777) were found.
  • Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, crontab) were detected.
  • Indirect Prompt Injection: The skill's purpose is to analyze user-provided code. While the analyzed code could theoretically contain malicious prompts, the skill itself is designed to detect such issues, not to be vulnerable to them in its own instructions.
  • Time-Delayed / Conditional Attacks: No time-delayed or conditional triggers for malicious behavior were identified.

references/security_rules_explained.md Analysis:

  • This file serves as detailed documentation for the security rules the skill applies. It contains C/C++ code examples demonstrating both vulnerable and fixed code patterns. These examples are purely illustrative and are not executed by the AI agent. No threats were found within this documentation file itself.

Overall Conclusion: Both files are consistent with the stated purpose of a read-only code review tool. The skill explicitly limits its operations to analysis and report generation, without modifying source code or performing external network requests. All described commands (git status, Grep, Glob) are used in a read-only, local context. Therefore, the skill is deemed safe.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 03:42 AM