evidence-planner

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted input in the form of task details and uses it to perform file-writing operations without sanitization or boundary markers.
  • Ingestion points: SKILL.md Section 3 (Action, Tech Stack, Context, Specifics) defines inputs sourced from user descriptions.
  • Boundary markers: Absent; user inputs are directly interpolated into the generation and file-naming logic.
  • Capability inventory: SKILL.md Section 4, Step 3, Scenario B uses the write_to_file tool to modify the local file system.
  • Sanitization: Absent; the {TaskSkeleton} component of the filename is not sanitized, enabling potential path traversal (e.g., using ../) or file name manipulation.
  • [Data Exposure & Exfiltration] (LOW): The skill hardcodes a specific local Windows directory path (e:\OBData\ObsidianDatas\0收集箱日清), which exposes information about the user's expected local file system structure and configuration.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:49 PM