plunker
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script
plnkr.shinsecurely interpolates shell variables into command strings. Specifically, thedownloadanduploadcommands use user-provided or dynamically generated directory paths ($outdir,$dir) inside shell commands and JavaScript strings, which can lead to command injection if paths contain special characters.- [REMOTE_CODE_EXECUTION]: Theplnkr.shscript utilizesnode -eto execute inline JavaScript that incorporates shell variables via string interpolation (e.g.,const dir = '$outdir';). An attacker or malicious input could break out of the string literal to execute arbitrary JavaScript code within the Node.js process.- [EXTERNAL_DOWNLOADS]: The skill downloads external code assets and metadata fromapi.plnkr.cousingcurl. While this is the intended functionality for the Plunker service, it introduces content from an external, user-controlled source into the agent's environment.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is designed to download and 'read/modify' files from Plunker. This creates an ingestion point for untrusted data that could contain hidden instructions (in JS/HTML comments) designed to bypass agent constraints or exfiltrate information. The capability to execute subprocesses viaplnkr.shincreases the risk if an injected instruction triggers a specific command.
Audit Metadata