mind-map-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted user-provided content (such as story outlines or scripts) to generate structured mind map data, which creates an attack surface for embedded instructions.
- Ingestion points: Found in
SKILL.mdunder '输入要求' (Input Requirements), specifically the '需要转换的内容' (content to be converted) field. - Boundary markers: The instructions lack any requirement for delimiters (e.g., triple quotes) or explicit system-level instructions to ignore commands found within the user data.
- Capability inventory: The skill invokes the
generateTreeMindtool and outputs structured JSON containing URLs (pic,jump_link) and raw data. If an attacker injects malicious links or instructions into the input text, the agent may follow them or produce deceptive outputs. - Sanitization: There is no evidence of input validation, filtering, or escaping of the external content before it is processed by the model.
Audit Metadata