sv-print
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): Automated scans (URLite) identified the malicious URL 'customModule.com' within the skill materials. This domain is blacklisted, indicating a high risk of malware or unauthorized data collection.
- DATA_EXFILTRATION (MEDIUM): The 'hiwebSocket' API allows programmatic configuration of remote hosts via 'hiwebSocket.setHost()'. This can be exploited to exfiltrate print data or template JSON to attacker-controlled endpoints.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill framework supports a plugin system where external scripts (e.g., @sv-print/plugin-ele-bwip-js) are registered and executed, presenting a supply-chain risk if dependencies are compromised.
- COMMAND_EXECUTION (LOW): The documentation instructs users to perform 'npx' and 'npm' installations from a non-trusted repository, which can execute arbitrary code during the setup phase.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection.
  1. Ingestion points: 'template' and 'printData' parameters in the Designer component.
  2. Boundary markers: No delimiters are used to isolate untrusted data.
  3. Capability inventory: The skill can trigger browser printing and network-based PDF fetching.
  4. Sanitization: There is no evidence of sanitization for 'html' type elements, allowing potentially malicious scripts to be rendered.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE