mdx-sanitizer

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to read and modify MDX content which may originate from external or untrusted sources.
    * Ingestion points: Reads content from .mdx files within the .claude/skills/ and website/docs/ directories.
    * Boundary markers: Does not implement explicit delimiters or system instructions to ignore embedded commands within the processed MDX files.
    * Capability inventory: Includes the ability to Read, Write, and Edit files, as well as execute Bash commands.
    * Sanitization: While the skill performs sanitization for JSX compatibility (e.g., escaping < and >), it does not sanitize for malicious prompt instructions embedded in the data.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute project scripts such as 'npm run sanitize:mdx' and 'npm run clear'. These are standard development operations but provide a mechanism for command execution within the agent's environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 08:26 PM