content-creator

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGH
  • COMMAND_EXECUTION
  • REMOTE_CODE_EXECUTION
  • PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Python scripts and directly interpolates user-controlled variables, such as {选题} (topic) and {配图关键词} (image keyword), into the shell command strings. This design is susceptible to command injection: an adversary can supply input containing shell metacharacters (e.g., ;, &, |) to execute arbitrary commands on the underlying system.
  • [REMOTE_CODE_EXECUTION]: The skill relies on and executes code from external skill directories (e.g., .claude/skills/deep-research/, .claude/skills/image-search/). Executing external scripts that are not bundled with the skill via shell commands introduces a risk of running tampered or malicious code if the local environment or these secondary skills are compromised.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data from web research (Phase 2) and subsequently processes this data to generate and polish content (Phases 4 and 5).
    • Ingestion points: Research results saved to output/research.md.
    • Boundary markers: Absent; there are no delimiters or "ignore instructions" warnings when processing research data.
    • Capability inventory: Uses Bash, Write, and Edit tools.
    • Sanitization: Absent; there is no evidence of escaping or filtering content retrieved from the web before it is used to influence the agent's writing behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 2, 2026, 10:18 AM