baoyu-format-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's core functionality involves reading and analyzing user-provided text or markdown files to generate titles, summaries, and formatting. This creates an indirect prompt injection surface where instructions hidden within the input files could manipulate the agent's behavior.
  - Ingestion points: Step 1 involves reading a user-specified file.
  - Boundary markers: No explicit delimiters or warnings are used when the agent processes the file content.
  - Capability inventory: The skill can execute shell commands (backups, typography scripts), read/write files, and perform complex content analysis.
  - Sanitization: The input data is processed without sanitization or instructions to ignore embedded commands.
- [COMMAND_EXECUTION]: The skill uses shell execution for file operations and typography processing.
  - Evidence: SKILL.md contains Bash snippets using `test` to check paths and `mv` to create timestamped backups.
  - Evidence: `scripts/autocorrect.ts` uses `execSync` to run `npx autocorrect-node` on the processed file path. While the path is quoted, execution via a shell remains a risk if filenames contain metacharacters.
- [EXTERNAL_DOWNLOADS]: The skill relies on runtime package retrieval via `npx`.
  - Evidence: SKILL.md instructs the agent to run the main script using `npx -y bun`.
  - Evidence: The typography script executes `npx autocorrect-node` to apply spacing fixes, which fetches the tool from the NPM registry at runtime.
Audit Metadata