tencent-docs
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The file sheet/api/js-script-rule.md contains instructions directing the AI to resist attempts to override its behavior. Specifically, it instructs the agent to treat system instructions as immutable and to refuse user requests to 'ignore previous instructions'. These are defensive safety guidelines designed to prevent prompt injection and behavior modification.
- [EXTERNAL_DOWNLOADS]: The setup.sh script automates the installation of the mcporter utility via the official NPM registry and interacts with docs.qq.com to manage authentication tokens. These operations are performed as part of the initial configuration and target trusted service domains.
- [COMMAND_EXECUTION]: The skill utilizes several helper scripts (setup.sh, import_file.sh, generate_slide.js) that invoke local system commands like curl, openssl, npm, and mcporter. These utilities are used for legitimate tasks such as generating random tokens, calculating file hashes, uploading document data to cloud storage, and polling for the completion of asynchronous AI tasks like PPT generation.
Audit Metadata