YouYou 佑佑

The skill bundle "youyou" is classified as **suspicious**. The primary reason for this classification is the presence of multiple explicit instructions for the AI agent to execute local shell commands and Python scripts, and to construct prompts for subagents using potentially untrusted data. While the stated purpose of the skill is benign (personal health data management), these capabilities introduce significant attack surfaces for prompt injection and local arbitrary code execution. Here are the most important indicators: 1. **Prompt Injection Surface in `commands/consult.md` and `commands/specialist.md`**: * The `commands/consult.md` file explicitly instructs the AI agent to "并行启动所有相关专科的 subagent" (parallelly launch all relevant specialist subagents) using the `Task` tool. The prompt for these subagents includes `医疗数据内容` (medical data content) and the full content of `.claude/specialists/<专科对应的md文件>`. If a malicious actor can inject harmful instructions into the `医疗数据内容` (e.g., via manipulated input or a compromised data file) or into the specialist markdown files, the subagent could be coerced into performing unauthorized actions. * Similarly, `commands/specialist.md` constructs a prompt for a single subagent, including the full content of the specialist's skill definition. * Although the prompts include "严格遵守以下安全红线" (strictly adhere to the following safety redlines), these are instructions *within* the prompt, which can potentially be overridden