muze-quotations
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/convert-cotizacion.cjsexecutes Puppeteer with the--no-sandboxand--disable-setuid-sandboxflags, which disables critical security isolation features of the browser process. - [DATA_EXFILTRATION]: The skill processes untrusted markdown files and injects the resulting HTML into a template without sanitization. This allows for potential XSS-to-local-file-read attacks where a malicious markdown file could use HTML tags to access sensitive system files or send data to external servers via the browser's context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect injection via malicious input files. Ingestion points:
scripts/convert-cotizacion.cjsreads untrusted markdown input from the command line. Boundary markers: No delimiters or sanitization routines are present. Capability inventory: The skill can read local files, write to temp directories, and launch a browser process. Sanitization: Absent; markdown is parsed and directly embedded into the document body.
Audit Metadata