shadow
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The analyzed files define a professional persona and operational workflows without malicious code or obfuscation. All external resources and contact details (e.g., codenow.wiki, mixcomfy.com, WeChat litnmnm) align with the author's established branding and service ecosystem.
- [COMMAND_EXECUTION]: The skill instructs the agent to run 'date +%Y' to calculate durations accurately. This is a benign system command used to provide contextual accuracy for years of experience and project timelines.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external search results and user inputs. 1. Ingestion points: User conversation and external search/scraping results (defined in the 'Search Fallback Rule'). 2. Boundary markers: Absent in the data processing instructions. 3. Capability inventory: Benign shell execution (date) and network search capabilities. 4. Sanitization: Not explicitly mentioned. This surface is standard for agents with web access and exhibits no signs of malicious exploitation.
- [DATA_EXFILTRATION]: The skill describes an external search and scraping fallback mechanism. This is a functional feature for information retrieval and does not contain patterns associated with unauthorized data exposure or exfiltration.
Audit Metadata