fanfuaji
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits text content to an external API endpoint (https://api.zhconvert.org/convert) via POST requests in scripts/fanfuaji.py. This is necessary for the conversion service but involves sending user data to a third-party provider. The script also includes an optional flag to disable SSL verification (--no-verify-ssl), which could compromise data security if used.
- [COMMAND_EXECUTION]: The agent is instructed to run the scripts/fanfuaji.py Python script to handle file conversion tasks. This script uses the standard library to perform file system reading/writing and network operations.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill processes untrusted data from local files without sufficient isolation.
  - Ingestion points: Content is ingested from local files via the read_file_content function in scripts/fanfuaji.py.
  - Boundary markers: Absent. There are no instructions or delimiters used to prevent the agent from following instructions contained within the text files being converted.
  - Capability inventory: The script can read any accessible file, write results to the disk, and send data to an external network endpoint.
  - Sanitization: There is no sanitization or filtering of the text content before or after conversion to mitigate embedded instructions.
Audit Metadata