yuque-personal-reading-digest
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted content from external documents.
- Ingestion points: Content is ingested from Yuque documents using the `yuque_get_doc` tool (File: SKILL.md).
- Boundary markers: The instructions do not define clear delimiters or provide 'ignore instructions' warnings to prevent the LLM from obeying commands embedded within the fetched document content.
- Capability inventory: The skill has the ability to search documents, list repositories, and create new documents via the `yuque_search`, `yuque_list_repos`, and `yuque_create_doc` tools (File: SKILL.md).
- Sanitization: The skill does not perform any sanitization or validation of the document content before passing it to the model for summarization.
Audit Metadata