compile

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands such as typst and quarto render based on provided filenames, which can be exploited if filenames are not properly handled.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to run arbitrary Python code via the uv run command on user-provided scripts, allowing for the execution of potentially malicious code in the agent environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the files it processes.
    1. Ingestion points: Content from .typ, .qmd, and .py files.
    2. Boundary markers: Absent; there are no instructions for the agent to ignore or delimit potentially malicious instructions within the files.
    3. Capability inventory: The agent has access to powerful tools including Bash, Read, and Glob.
    4. Sanitization: No validation or sanitization of input file content is performed before execution or visual inspection.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 01:16 AM