extract-diagrams

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The bash command grep -n '@preview/cetz' $ARGUMENTS in SKILL.md is vulnerable to shell command injection. The $ARGUMENTS variable is interpolated directly into the shell script without sanitization, allowing arbitrary command execution via shell metacharacters (e.g., semicolons, pipes).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted .typ files.
      • Ingestion points: Data is ingested from external files via the Read and Bash (grep) tools.
      • Boundary markers: No delimiters or isolation instructions are used to distinguish untrusted file content from system instructions.
      • Capability inventory: The skill possesses Bash and Read capabilities, which could be exploited if the agent executes instructions found within the processed files.
      • Sanitization: No validation or sanitization is performed on the content of the source files before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 01:15 AM