canvas

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs several shell commands, including curl, cp, python3, identify, and find. The command lines are built by interpolating user-provided values (URLs and file paths) directly into the command string (e.g., curl -sL [url] -o ... and the python3 -c string containing Image.open('[path]')). A URL or path that carries shell metacharacters (;, |, &&, $(...), backticks, or a quote that closes the surrounding quoting) can break out of the intended command and run arbitrary commands in the local environment.
  • [EXTERNAL_DOWNLOADS]: The add image operation uses curl to download files from arbitrary, user-specified URLs into the local filesystem. Because curl is invoked with -L it follows redirects, and curl also accepts non-HTTP schemes such as file:// unless the URL is validated first; the downloaded file is then handed to identify and Image.open, so whatever those parsers do, they do on attacker-controlled bytes.
  • [REMOTE_CODE_EXECUTION]: The aspect ratio detection and temporary file manipulation use python3 -c with Python source assembled from user input. Here the path is embedded inside the Python source itself, so a single quote in the path terminates the string literal and everything after it is executed as Python by the interpreter. This is code injection at the Python level, separate from and in addition to the shell-level issue above: shell-quoting the command string does not remove it.
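The two interpolation patterns described above, as an added example that is not code from the canvas skill or from the audit: a reconstruction of the `curl -sL [url] -o ...` shell string and of the `python3 -c` probe, each fed a crafted input, beside the argv-list form that keeps the input as data. All function names are hypothetical; the `tool` argument swaps `echo` in for `curl` so the demo runs offline, and the probe template replaces `Image.open('[path]')` with a plain string assignment so PIL is not needed. The injection mechanics are unchanged by those substitutions.

```python
"""Added example: not code from the canvas skill or from the audit page.

Reconstructs the two interpolation patterns the audit flags in minimal form,
shows what a crafted URL or path does to each, and puts the argv-list
equivalent beside it. Function names, the stand-in `tool` argument and the
probe template are hypothetical; the skill's real command strings are not
shown on the page.
"""
import shlex
import subprocess
import sys
from urllib.parse import urlparse


# ---- pattern 1: `curl -sL [url] -o [dest]` built as one shell string --------

def download_cmd_vulnerable(url, dest, tool="curl -sL"):
    # Plain f-string interpolation: `;`, `|`, `$(...)` in url are live syntax.
    return f"{tool} {url} -o {dest}"


def download_cmd_quoted(url, dest, tool="curl -sL"):
    # If a shell string is unavoidable, shlex.quote wraps each value so the
    # shell sees one word and interprets no metacharacters inside it.
    return f"{tool} {shlex.quote(url)} -o {shlex.quote(dest)}"


def run_shell(cmd):
    # shell=True hands the string to /bin/sh -c, exactly like a skill that
    # emits a command line for the agent to execute.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe_download(url, dest, tool=("curl", "-sL")):
    # argv list, no shell: url is a single argument whatever it contains.
    # Also refuse schemes other than http(s); curl accepts file:// and others.
    scheme = urlparse(url).scheme
    if scheme not in ("http", "https"):
        raise ValueError(f"refusing URL scheme {scheme!r}")
    return subprocess.run([*tool, url, "-o", dest],
                          capture_output=True, text=True).stdout


# ---- pattern 2: path interpolated into `python3 -c` source ------------------

# Stand-in for the skill's probe: Image.open('[path]') replaced by a string
# assignment so the demo needs no PIL. The path still lands inside a Python
# string literal, which is all the injection needs.
PROBE_TEMPLATE = "p = '{path}'; print(p)"


def run_probe_vulnerable(path):
    # The path becomes part of the Python *source*; a single quote ends the
    # literal and everything after it runs as code in the interpreter.
    src = PROBE_TEMPLATE.format(path=path)
    return subprocess.run([sys.executable, "-c", src],
                          capture_output=True, text=True).stdout


def run_probe_safe(path):
    # Fixed source text; the path travels as argv[1] and is only ever data.
    src = "import sys; p = sys.argv[1]; print(p)"
    return subprocess.run([sys.executable, "-c", src, path],
                          capture_output=True, text=True).stdout


# Constructed inputs: a URL carrying a shell command, a path carrying Python.
EVIL_URL = "http://example.com/a.png; echo INJECTED"
EVIL_PATH = "a.png'; print('INJECTED'); p='b"


def demo():
    # `echo fetching` stands in for curl so nothing is actually downloaded.
    return {
        "shell_vuln": run_shell(
            download_cmd_vulnerable(EVIL_URL, "/tmp/out", tool="echo fetching")),
        "shell_quoted": run_shell(
            download_cmd_quoted(EVIL_URL, "/tmp/out", tool="echo fetching")),
        "shell_argv": run_safe_download(
            EVIL_URL, "/tmp/out", tool=("echo", "fetching")),
        "py_vuln": run_probe_vulnerable(EVIL_PATH),
        "py_safe": run_probe_safe(EVIL_PATH),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}:\n{out}")
```

Running `demo()` shows the vulnerable shell string producing two lines of output (the second from the injected `echo`), while both the `shlex.quote` and argv forms print the whole URL as one literal word. For the `python3 -c` case the quoted path prints `INJECTED` before the intended value; note that `shlex.quote` would not help there, since the break-out happens inside the Python source, not in the shell. Passing the path as `sys.argv[1]` (or reading it from a file or stdin) is the fix, and the http(s) scheme check is what stops `file://` URLs from reaching curl.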
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 04:50 PM