topic-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data via WebSearch from sources like Reddit, Product Hunt, and various blogs. There is a risk that malicious content within these sources could manipulate the agent's output.
  - Ingestion points: WebSearch queries for AI blogs, Reddit (r/ClaudeAI), and Product Hunt results defined in SKILL.md.
  - Boundary markers: Absent; search results are processed directly into templates without explicit delimitation or 'ignore instructions' guards.
  - Capability inventory: File system write access to /Users/ugreen/Documents/obsidian/选题库/.
  - Sanitization: None; the agent uses external data to generate 'Topic Names' used in file paths and content.
- Data Exposure & Access (SAFE/INFO): The skill uses a hardcoded absolute path (/Users/ugreen/...) for saving files. While not inherently malicious, this limits portability and exposes a specific local username, which is a minor best-practice violation.
Audit Metadata