linkai-agent

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash tool to execute curl commands. Assembling shell commands that incorporate user-provided content (such as messages or questions) is a significant security risk unless a secure tool-calling layer performs strict escaping before the command reaches the shell.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the LinkAI API at api.link-ai.tech. This is the official domain for the service and is required for the skill to function.
  • [PROMPT_INJECTION]: The skill architecture includes an indirect prompt injection surface where it dynamically updates its own description based on application names and descriptions provided in config.json.
    • Ingestion points: The apps list within config.json.
    • Boundary markers: None identified; the configuration data is directly incorporated into the agent's skill description.
    • Capability inventory: Uses the bash tool for network operations and API calls.
    • Sanitization: No evidence of sanitization or validation for the content of the application descriptions in the configuration file.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 07:05 AM