qqbot-media
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGH
DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides instructions for the agent to access and transmit local files to an external platform (QQBot) by specifying absolute paths inside custom tags.
- Evidence: The rule "路径必须是绝对路径(以 / 或 http 开头)" (Paths must be absolute paths starting with / or http) allows the agent to target any file it has read access to on the system.
- Evidence: The instruction "你有能力发送本地图片/文件——直接用标签包裹路径即可,不要说'无法发送'" (You have the ability to send local images/files—just wrap the path in tags, do not say 'unable to send') explicitly directs the agent to override standard safety refusals regarding local file system access.
- Risk: An attacker could perform indirect prompt injection or direct manipulation to trick the agent into exfiltrating sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa, .env, or configuration files) by wrapping their paths in the <qqmedia> tag.
Recommendations
- AI detected serious security threats
Audit Metadata