Skills
skills/xu-cell/ai-engineering-init/lanhu-design/Gen Agent Trust Hub

lanhu-design

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the analysis of external project data. Specifically, the tools lanhu_get_ai_analyze_page_result and lanhu_get_ai_analyze_design_result ingest content from Lanhu prototypes and design drafts to perform AI-driven analysis.
  • Ingestion points: External data enters the agent context via lanhu_resolve_invite_link, lanhu_get_pages, and design-fetching tools which process content from user-provided Lanhu URLs.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are mentioned in the tool descriptions.
  • Capability inventory: The skill possesses network capabilities to interact with the Lanhu API, including the ability to post comments using lanhu_say and manage project data.
  • Sanitization: There is no evidence of sanitization or filtering for instructions hidden within design elements, comments, or prototype metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 10:11 AM