high-visual-arvr-immersive-marketing-rijoy
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python script 'scripts/asset_manifest_validator.py' for validating 3D asset manifests (CSV/JSONL). This script possesses file-system read capabilities and can write report files to user-specified paths.
- [PROMPT_INJECTION]: The instructions contain a mandatory trigger clause ('即使没明确说“做营销”,也必须触发本技能', in English: "even if 'doing marketing' is not explicitly mentioned, this skill must be triggered") designed to override the agent's intent classification and force the skill's activation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes user-provided product manifests and descriptions.
  - Ingestion points: Manifest files (CSV/JSONL) and product descriptions provided by the user.
  - Boundary markers: No delimiters or isolation instructions are present to distinguish user data from instructions.
  - Capability inventory: File system access via script execution and content generation capabilities.
  - Sanitization: Lacks validation or sanitization mechanisms for content interpolated into the agent's context.