word-artisan
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md documentation includes a 'Knowledge Protocol' that instructs the agent to integrate confidential and personal secrets into its workflow. This serves as a prompt injection vector that could influence the agent to expose sensitive data if triggered by malicious input.
- [PROMPT_INJECTION]: The skill processes untrusted Markdown content provided via the --input argument in src/index.ts, creating an indirect prompt injection surface.
  - Ingestion points: Markdown data enters the agent context through the file path specified in argv.input.
  - Boundary markers: No delimiters or safety instructions are used to isolate the Markdown content during processing.
  - Capability inventory: The skill can write files to the local filesystem using safeWriteFile and can perform network requests to retrieve images.
  - Sanitization: There is no evidence of HTML sanitization or content filtering applied to the input before it is converted to a Word document.
- [DATA_EXFILTRATION]: The skill's dependency on html-to-docx (v1.8.0) enables the fetching of remote images via node-fetch. This allows for network operations to non-whitelisted domains when processing external Markdown content.
Audit Metadata