yuque-personal-note-refine

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its core workflow of reading and processing external document data.
      • Ingestion points: The yuque_get_doc tool retrieves full document content from the Yuque knowledge base, which acts as the entry point for untrusted instructions.
      • Boundary markers: The skill workflow lacks clear delimiters or 'ignore' instructions when interpolating note content into the LLM's context, potentially allowing document text to override agent behavior.
      • Capability inventory: The skill has write permissions via yuque_create_doc and yuque_update_doc, which could be exploited if a malicious note contains instructions to overwrite other documents or delete data.
      • Sanitization: There is no evidence of content filtering or validation before the document text is processed by the AI.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 07:22 AM