utility-tools
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through tools that ingest untrusted data.
- Ingestion points: The
/v2/ogendpoint fetches metadata from external URLs, and the/v2/fanyiendpoint processes arbitrary user text. - Boundary markers: Absent. There are no instructions to the agent to ignore or sanitize embedded commands within the processed data.
- Capability inventory: The skill utilizes the
requestslibrary for network operations and performs file writes (e.g.,qrcode.png). - Sanitization: No evidence of sanitization or content validation for the API responses before they are returned to the agent context.
- EXTERNAL_DOWNLOADS (LOW): The skill relies on an external API (
60s.viki.moe) that is not part of the trusted source whitelist. - It downloads and saves binary content (QR code images) to the local filesystem.
- All core functionality is dependent on this third-party service, which could be modified to return malicious payloads or instructions.
Audit Metadata