markdown-stylist
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from external files and URLs using the
read_fileandfetch_urltools without implementing boundary markers or sanitization logic. - Ingestion points: Data enters the context via
read_fileandfetch_url. - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt instructions.
- Capability inventory: The skill possesses
write_file,read_file, andfetch_urlcapabilities. - Sanitization: No input validation or filtering is performed.
- [DATA_EXFILTRATION]: The skill utilizes the
fetch_urltool to connect to external, non-whitelisted domains for design inspiration, which represents a network-based attack surface. - [NO_CODE]: No executable script files (such as .py or .js) were found in the skill package, which significantly reduces the risk of direct remote code execution or persistence.
Audit Metadata