ljg-learn
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the shell command `date +%Y%m%dT%H%M%S` to generate a timestamp for the filename. While this specific command is benign, it involves direct shell interaction.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). The user-supplied concept name is interpolated directly into a file path (`~/Documents/notes/{timestamp}--概念解剖-{概念名}__concept.org`).
  - Ingestion points: User-provided concept name (e.g., through commands like `/ljg-learn {concept}`).
  - Boundary markers: None. The input is used directly to construct the filename.
  - Capability inventory: Shell execution (`date`) and file system writes (`~/Documents/notes/`).
  - Sanitization: Absent. There are no instructions to sanitize the concept name, which could allow path traversal (e.g., `../`) or command injection if the agent uses a shell-based tool to perform the write operation.
Audit Metadata