toon-format
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes installation instructions for the `@toon-format/toon` package via NPM, which is the core library for the data format described. It also references well-known packages such as `openai`, `@anthropic-ai/sdk`, `gpt-tokenizer`, and `express` for its implementation examples.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core function of processing external data for LLM prompts.
  - Ingestion points: The CLI tool, `decode` function, and Express middleware examples all ingest arbitrary TOON-formatted strings from files, standard input, or network request bodies.
  - Boundary markers: Documentation examples suggest using Markdown code blocks (e.g., `` ```toon ``) as delimiters when injecting data into prompts, but no programmatic enforcement of boundaries or "ignore instructions" directives are provided in the library itself.
  - Capability inventory: The provided code samples demonstrate the ability to read and write to the local file system (`fs.promises`) and interact with external LLM APIs (OpenAI and Anthropic).
  - Sanitization: The encoding and decoding logic does not include sanitization or filtering to detect or neutralize embedded LLM instructions (e.g., jailbreak attempts) within the data being processed.
Audit Metadata