style-creator
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell execution via
bun runto call local scripts for image generation and optimization (SKILL.md Step 5).\n- [COMMAND_EXECUTION]: Step 7 usesbun -eto execute a multi-line JavaScript snippet that reads from and writes to the local file system using the Node.jsfsmodule to regenerate documentation.\n- [COMMAND_EXECUTION]: User-provided variables for style IDs and prompts are interpolated directly into shell command arguments in Step 5, creating a surface for command injection if malicious input is provided.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user input and incorporates it into project files and documentation.\n - Ingestion points: User input for style name, ID, category, and prompts gathered in Step 1.\n
- Boundary markers: Absent.\n
- Capability inventory: Subprocess execution and file system writes (SKILL.md Steps 5 and 7).\n
- Sanitization: Absent.
Audit Metadata