flashcard-creator
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local Python script, parse_flashcards.py, which is required to convert markdown flashcards into a format suitable for Anki. This execution is an expected functional component of the workflow.
- [PROMPT_INJECTION]: The skill processes external web content, creating a surface for indirect prompt injection. (1) Ingestion points: Extracted web text via mcp__claude-in-chrome__read_page and mcp__claude-in-chrome__get_page_text. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the input data. (3) Capability inventory: Includes Bash for script execution and Write for file system modifications. (4) Sanitization: The agent is instructed to adhere to a strict markdown schema (Front: and Back: keywords), which provides structural validation of the data before it is processed by the conversion script.
Audit Metadata