markdown-novel-viewer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • DATA_EXFILTRATION (HIGH): The skill exposes the local filesystem over HTTP without authentication. Use of the --host 0.0.0.0 flag binds the server to all network interfaces, allowing anyone on the same network to browse the host's directories and view files.
  • DATA_EXFILTRATION (HIGH): The HTTP routes /view?file=<path> and /file/* accept arbitrary paths. This architecture is highly vulnerable to path traversal (e.g., accessing sensitive files like ~/.ssh/id_rsa or /etc/passwd) unless strict, documented sandboxing is implemented in server.cjs.
  • COMMAND_EXECUTION (MEDIUM): The skill executes a custom Node.js server and manages background processes using PID files in /tmp/. This introduces a persistent network service that remains active on the host machine until manually stopped.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of external npm packages (marked, highlight.js, gray-matter) and suggests running an opaque install.sh via a CLI tool (ck init), which is a standard but potentially risky dependency management pattern.
  • INDIRECT_PROMPT_INJECTION (LOW): As a markdown renderer, this skill possesses an indirect prompt injection surface.
      • Ingestion points: Reads markdown files via --file or /view?file= parameters.
      • Boundary markers: None identified in the documentation.
      • Capability inventory: Local file reading and network serving.
      • Sanitization: Not specified for the file path or content rendering.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:25 PM