writing-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from user-provided files or pasted text (Step 1) and has the capability to perform physical file writes to a specific local path (Step 6).
- Ingestion points: Step 1 (Reading article content via file path or paste).
- Boundary markers: None. The skill does not define delimiters or instructions to ignore embedded commands in the source text.
- Capability inventory: Step 6 involves physical file writing ('物理写入文件') to the E:\ drive using a Write tool.
- Sanitization: None. There is no mention of escaping or validating the content extracted from the untrusted article before it is written to the filesystem.
- Prompt Injection (MEDIUM): The metadata and instructions explicitly command the agent to bypass auditing ('无需审计流程', "no audit process required"; '无准入审计', "no admission audit"). While intended to streamline the workflow, this instruction may encourage the agent to ignore safety protocols when handling adversarial content designed to exploit the file-write capability.
- Data Exposure (MEDIUM): The skill contains hardcoded absolute file paths (E:\OBData\ObsidianDatas...), which reveal the user's internal directory structure and specifically target a knowledge management vault (Obsidian) for modification.
Recommendations
- AI detected serious security threats
Audit Metadata