leniu-java-export
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill defines logic for processing untrusted user input for data filtering and export formatting, which constitutes an indirect prompt injection surface.
  - Ingestion points: The skill processes 'keyword' and 'exportCols' parameters via 'LeRequest' and 'XxxPageParam' objects in API controller endpoints.
  - Boundary markers: There are no explicit delimiters or system instructions defined to prevent the model from interpreting instructions potentially embedded within these user-provided fields.
  - Capability inventory: The skill includes capabilities for performing database queries and generating/downloading Excel files through 'ExportApi' and 'EasyExcelUtil'.
  - Sanitization: The documentation provides examples for input validation of 'exportCols' and data masking for sensitive fields like mobile numbers and ID cards.
- [DATA_EXFILTRATION]: The skill documentation discloses internal development environment information by hardcoding absolute file system paths (e.g., '/Users/xujiajun/Developer/...') associated with the 'leniu-tengyun-core' and 'leniu-yunshitang' projects.