openmaic
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates local environment setup through commands such as
git clone,pnpm install, anddocker compose. These operations are conducted within a guided SOP and require explicit user confirmation before execution.\n- [EXTERNAL_DOWNLOADS]: The skill downloads the application source code from the official vendor repository atgithub.com/THU-MAIC/OpenMAIC.git. This is a necessary step for the local deployment functionality of the skill.\n- [DATA_EXFILTRATION]: In its 'hosted mode', the skill transmits classroom generation parameters and processed PDF content to the vendor's API atopen.maic.chat. This data transfer is the intended primary function of the hosted service and is secured using authorization headers read from local configuration files.\n- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes user-defined requirements and local PDF content to generate classroom outlines.\n - Ingestion points: Data enters the context via the
requirementuser input and thepdfContentfield during the classroom generation phase.\n - Boundary markers: The skill requires user confirmation before reading local files but does not specify internal delimiters for the data payload sent to the API.\n
- Capability inventory: The skill possesses the ability to read local files, perform network requests to specific APIs, and execute shell commands for environment setup.\n
- Sanitization: No explicit sanitization logic is contained within the skill instructions; protection relies on the security measures of the OpenMAIC server-side processing engine.
Audit Metadata