screen-design-doc

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the pdf-parse package from the public NPM registry via the npm install command during the PDF extraction step.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands for installing dependencies and running a Node.js script (extract_pdf_text.js) to process user files.
  • [REMOTE_CODE_EXECUTION]: A combination of downloading external packages from NPM and executing a local script that utilizes those dependencies constitutes a remote code execution risk, as the fetched code is not from a trusted vendor.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted text from external documents (PDF, TXT, MD) and uses it to generate output without sanitization or protective boundary markers.
  • Ingestion points: Untrusted data is read from user-specified file paths and extracted via a Node.js script in Step 2 and Step 3 of the skill flow.
  • Boundary markers: The instructions do not define delimiters or explicit "ignore embedded instructions" warnings for the processed text.
  • Capability inventory: The skill utilizes Bash, Read, and Write tools to modify the workspace and execute scripts.
  • Sanitization: No validation or filtering is applied to the extracted text before it is presented to the LLM for analysis and document generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 02:20 AM