e-checker-v2

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_all.py uses subprocess.run to execute every Python script it finds in the .e-checker/ directory; because these are child processes of the agent, they run with the same privileges as the agent process.
  • [REMOTE_CODE_EXECUTION]: The skill's primary workflow has the agent generate executable Python code from natural-language rules in checker-rule.md and then run that code. This 'generate-then-execute' pattern is a known high-risk design whenever the inputs that shape the generated code are untrusted.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection through checker-rule.md, whose contents directly steer the agent's code-generation logic.
  • Ingestion points: The agent is instructed to locate and read checker-rule.md in the work directory (Step 1 of SKILL.md).
  • Boundary markers: None are present; the instructions direct the agent to 'parse line by line' (original: '逐行解析') every rule, without specifying delimiters that separate rule data from instructions, and without any safety constraints on what a rule may contain.
  • Capability inventory: The skill environment allows subprocess execution (scripts/run_all.py) and file-system access (Path, openpyxl); network access is not exercised by the templates but would be available if the environment permits it.
  • Sanitization: There is no evidence that the rules are validated or sanitized before they are turned into Python scripts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 01:13 PM