tentap-editor

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
Finding Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The EditorBridge interface (documented in EditorBridge.md) exposes an injectJS method that allows for the execution of arbitrary JavaScript within the context of the editor's WebView. This capability can be exploited to execute malicious scripts or access data within the WebView.
  • [COMMAND_EXECUTION] (MEDIUM): The advancedSetup.md documentation provides a vite.config.ts template that utilizes child_process.exec to run shell commands like yarn editor:post-build. If an agent or attacker influences the build configuration, this allows for arbitrary command execution on the host system.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection and XSS through unsanitized HTML ingestion. Evidence: (1) Ingestion points: initialContent in useEditorBridge, setContent in EditorBridge, and message.text in EditorStickToKeyboardExample.tsx. (2) Boundary markers: absent. (3) Capability inventory: injectJS and injectCSS. (4) Sanitization: absent; content is interpolated directly into the WebView HTML source without escaping or filtering.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 05:28 AM