taxue-insight

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions in references/atom-usage-guide.md for the agent to execute a local Python script (atoms-query.py) to query a material library. The script is located in a vendor-specific directory (~/.config/agents/skills/踏雪素材库/) and is used for legitimate data retrieval within the vendor's ecosystem.
  • [PROMPT_INJECTION]: The skill ingests untrusted user topics for analysis. Ingestion points: User topic input in SKILL.md. Boundary markers: Absent. Capability inventory: The skill performs text generation and executes a local vendor script for querying data. Sanitization: No explicit sanitization or escaping of the user-provided topic is documented.
  • [SAFE]: The skill demonstrates security best practices by including explicit guidelines in references/atom-usage-guide.md to filter out personal experiences, sensitive dates, and private financial information from the generated output.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 06:30 PM