Utilities

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: CRITICAL
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of CLI tools for its core functionality.
      • Documents/Docx/SKILL.md and Documents/Pptx/SKILL.md execute system commands like pandoc, soffice (LibreOffice), pdftoppm, and python modules for document conversion and analysis.
      • AudioEditor/Workflows/Clean.md executes ffmpeg, ffprobe, and whisper for audio processing.
      • Evals/Graders/CodeBased/BinaryTests.ts dynamically executes test suites (pytest, bun test, node --test) based on file extensions.
      • Evals/Graders/CodeBased/StaticAnalysis.ts runs arbitrary analysis tools like biome, tsc, or ruff via shell commands.
      • Fabric/Patterns/create_command/README.md provides templates for generating and executing commands for penetration testing tools such as sqlmap, nmap, and nuclei.
  • [EXTERNAL_DOWNLOADS]: Several workflows involve fetching assets or installing tools from external repositories.
      • Fabric/Patterns/create_coding_feature/README.md instructs the user to install a binary from github.com/danielmiessler/fabric, which is the author's own repository.
      • PAIUpgrade/Tools/Anthropic.ts fetches release notes and commit data from GitHub and official Anthropic documentation sites.
      • Parser/Workflows/ExtractBrowserExtension.md provides a mechanism to download CRX files from the Google Chrome Web Store for security analysis.
      • Fabric/SKILL.md and related workflows fetch and sync prompt patterns from the author's public repository on GitHub.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection (Category 8).
      • Ingestion points: Parser/Workflows/ParseContent.md and Parser/Workflows/BatchEntityExtractionGemini3.md ingest content directly from arbitrary user-provided URLs, including YouTube transcripts, Twitter threads, and web articles.
      • Boundary markers: The BatchEntityExtractionGemini3.md workflow uses clear separators (e.g., ======= ARTICLE N =======) but the prompts do not explicitly instruct the model to ignore embedded instructions within the ingested content.
      • Capability inventory: The skill has broad capabilities including file system write (Parser), command execution (Evals), and network access (Cloudflare, AudioEditor).
      • Sanitization: While the Parser uses validation and schema enforcement, it primarily relies on the LLM's ability to extract structured data from untrusted text without being subverted by instructions hidden within that text.
  • [DYNAMIC_EXECUTION]: The skill facilitates the creation and execution of dynamic content at runtime.
      • CreateCLI/Workflows/CreateCli.md generates entire TypeScript CLI tools based on user requirements.
      • Fabric/Patterns/create_coding_feature/system.md generates code changes that are applied directly to the filesystem using a custom file management interface.
      • Documents/Pptx/Scripts/html2pptx.js uses Playwright to render HTML and convert it to PowerPoint elements, allowing for dynamic presentation generation.
  • [CREDENTIALS_UNSAFE]: The skill references several API keys and tokens required for external services.
      • AudioEditor/SKILL.md requires ANTHROPIC_API_KEY and CLEANVOICE_API_KEY.
      • PAIUpgrade/Tools/Anthropic.ts uses GITHUB_TOKEN for API access.
      • Cloudflare/SKILL.md mentions CF_ACCOUNT_ID and various Cloudflare API tokens.
      • These are handled via environment variables, typically loaded from ~/.config/PAI/.env, which follows the author's standard configuration pattern for secret management.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 28, 2026, 11:03 PM