chuinb
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, NO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The README.md and README-EN.md files direct users to install the skill and two additional helper skills ('zimage-skill' and 'media-downloader') from a personal GitHub repository ('yizhiyanhua-ai'). These sources are not on the trusted external sources list, introducing a potential supply chain risk if those repositories are compromised or contain malicious scripts.
- PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection surface). The skill is designed to ingest data from web searches and use it to populate a note template.
  - Ingestion points: The agent is instructed in `assets/note-template.md` and `README.md` to search for industry information, figures, and media.
  - Boundary markers: The template uses placeholders like `{{INDUSTRY_NAME}}` but lacks explicit instructions or delimiters to prevent the agent from following commands embedded in the retrieved web content.
  - Capability inventory: The skill relies on the capabilities of the agent and the requested helper skills, which include network access and file writing.
  - Sanitization: There are no instructions provided to sanitize or validate the external content before it is interpolated into the final output.
- NO_CODE (SAFE): The current skill folder contains only Markdown (.md) and asset files. It does not include scripts (.py, .js, .sh) or binaries. Its operations rely entirely on the AI agent's interpretation and the execution of external tools.
Audit Metadata