soft-copyright-application
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a Python script (gen_code_front_back_1500.py) to automate the extraction of source code segments. The agent is instructed to execute this script or replicate its file-processing logic using project-specific parameters like directory paths and file sequences.
- [DATA_EXPOSURE]: The main instructions (SKILL.md) contain a hardcoded absolute file path (/Users/liushangliang/github/phenix3443/idea/材料模板/...) intended as a default location for application templates. While this path reveals the author's local directory structure, it is used for local resource retrieval and does not involve network exfiltration.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted source code from external projects to perform line counting and keyword scanning.
  - Ingestion points: Source code files located within the user-provided 'Target Project Path'.
  - Boundary markers: None identified; the agent reads and processes the source code lines directly.
  - Capability inventory: File system read and write operations performed by the included Python script.
  - Sanitization: Input paths are normalized using standard libraries; however, there is no specific sanitization for the content of the ingested source code.
Audit Metadata