note-refine
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted content from external Yuque documents through the `yuque_get_doc` tool and subsequently processes this content for refinement. This creates a pathway where malicious instructions embedded within a document could attempt to influence the agent's output or tool usage.
  - Ingestion points: External document body retrieved via `yuque_get_doc` in SKILL.md.
  - Boundary markers: Absent. There are no explicit instructions to wrap the external content in delimiters (e.g., XML tags or triple quotes) to separate data from instructions.
  - Capability inventory: The skill possesses the capability to write or update data on the Yuque platform using the `yuque_update_doc` tool.
  - Sanitization: Absent. The workflow does not include steps to sanitize, validate, or filter the content retrieved from the external source before the language model processes it.
Audit Metadata