siyuan-markdown

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a Python script scripts/insert_image.py and instructs the agent to execute it via shell command to insert images into documents.
  • [DATA_EXFILTRATION]: The script scripts/insert_image.py reads a sensitive api_token from a local siyuan.json configuration file and transmits it via HTTP headers to an API endpoint. This creates a risk of credential exposure if the target URL is redirected or if the environment is shared.
  • [PROMPT_INJECTION]: The script scripts/insert_image.py is vulnerable to injection attacks due to a lack of input sanitization.
      • Ingestion points: sys.argv[1] (doc_title) and sys.argv[3] (caption) in scripts/insert_image.py.
      • Boundary markers: None used for SQL or Markdown construction.
      • Capability inventory: Executes SQL queries (api/query/sql) and appends blocks (api/block/appendBlock) via the SiYuan API using the requests library.
      • Sanitization: None; the script uses f-strings to directly interpolate user-controlled variables into SQL statements and Markdown strings, allowing for SQL injection and Markdown structure bypass.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 05:55 PM