zsxq-user
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it displays untrusted, user-generated content such as thread titles, digests, and nicknames from ZhiXingQiu within the agent's context. 1. Ingestion points: Untrusted data enters via zsxq-cli user +footprints and zsxq-cli user +info. 2. Boundary markers: None are defined in the analyzed files to separate external content from agent instructions. 3. Capability inventory: The skill relies on zsxq-cli for data retrieval; no file-system writing or external network operations were detected in the provided scripts. 4. Sanitization: There is no evidence of sanitization or filtering applied to the retrieved content.
- [COMMAND_EXECUTION]: The skill execution environment requires the zsxq-cli binary to interact with the platform API. Evidence: The SKILL.md metadata explicitly lists zsxq-cli as a required binary.
Audit Metadata