zsxq-topic
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
zsxq-clibinary to perform various topic management actions, such as searching, posting, and replying on the Knowledge Planet platform. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection vulnerability surface.
- Ingestion points: Untrusted platform data is retrieved through
topic +search,topic +detail, and theget_topic_commentsAPI call across all documentation files. - Boundary markers: No explicit delimiters or instructions are provided to the agent to help it distinguish between platform-retrieved content and its own operating instructions.
- Capability inventory: The skill allows for significant write operations, including
+createfor new posts,+replyfor comments, and+answerfor answering questions, which could be misused if the agent obeys instructions found within external data. - Sanitization: No sanitization, validation, or filtering mechanisms for the platform-provided data are described in the skill's logic.
Audit Metadata