anygen
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data by reading user-uploaded files and interpolating the extracted text directly into API messages (Phase 1 of SKILL.md), creating an indirect prompt injection surface. The client-side scripts contain no explicit boundary markers or sanitization logic to mitigate this risk.
- [PROMPT_INJECTION]: SKILL.md contains instructions that direct the agent to perform background monitoring of tasks via sessions_spawn without announcing it to the user and to avoid exposing internal implementation details, representing a persona-based instruction override.
- [COMMAND_EXECUTION]: The script render-diagram.sh executes shell commands to install npm dependencies and Playwright browser binaries during the initial setup.
- [EXTERNAL_DOWNLOADS]: The skill performs runtime downloads of browser binaries and fetches JavaScript libraries from esm.sh and diagrams.net for diagram rendering within a headless browser context.
- [DATA_EXFILTRATION]: The skill sends task-related prompts and user-provided files to the vendor's domain www.anygen.io. This is documented as the primary function of the skill.
Audit Metadata