openharmony-ut
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill prompts users for configuration variables such as
BUILD_CMDandWINDOWS_IP, which are later interpolated into shell commands. While this is the intended functionality for build automation, it creates a surface where malicious configuration values could lead to command injection if the underlying agent does not sanitize inputs. - Ingestion points: User input requested in
SKILL.mdduring the '初始化配置' (Initial Configuration) phase. - Boundary markers: Absent; the variables are used directly in shell strings.
- Capability inventory: Access to
Bashtool,Read,Write, andEdit. Ability to execute commands on remote devices viahdc. - Sanitization: None provided within the skill instructions.
- Dynamic Execution (LOW): The skill dynamically generates shell commands by concatenating user-defined paths and commands (e.g.,
cd ${OH_ROOT}/ && ${BUILD_CMD} <TARGET_NAME>). This is consistent with the primary purpose of a build-and-test automation skill.
Audit Metadata