NYC

content-creator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill uses the Bash tool to execute Python scripts with user-supplied variables interpolated directly into the command string. Evidence: python .claude/skills/deep-research/scripts/research.py "{选题}" in Stage 2 and python .claude/skills/image-search/scripts/image_search.py "{配图关键词}" in Stage 3. An attacker could provide input containing shell metacharacters (e.g., "; rm -rf / #) to execute arbitrary code on the host system.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection due to its workflow.
    1. Ingestion points: output/research.md (populated by web search results in Stage 2).
    2. Boundary markers: Absent; the skill does not use delimiters or warnings to ignore instructions within the research data.
    3. Capability inventory: Bash, Write, Edit, Grep, Glob.
    4. Sanitization: Absent; the research results are used directly as context for writing and humanizing content in Stages 4 and 5.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 05:44 PM