yuque-personal-stale-detector
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill performs its stated function of detecting stale documents using authorized MCP tools.
- [DATA_EXFILTRATION]: While the skill reads document content using yuque_get_doc, this is performed within the user's personal context to identify freshness signals. No evidence of data being sent to external or untrusted domains was found.
- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution or unauthorized script downloads were identified.
- [PROMPT_INJECTION]: No direct prompt injection patterns found. Potential for indirect injection exists via document content ingestion in yuque_get_doc, but the risk is safe as no executable capabilities are exposed to the ingested data and output is limited to markdown reporting. Ingestion: document content via yuque_get_doc; Boundaries: none; Capabilities: markdown report; Sanitization: none.
Audit Metadata