felo-livedoc
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The `download` action in `scripts/run_livedoc.mjs` writes files to the local system using a filename extracted from the `Content-Disposition` header of the API response. The script does not perform path sanitization, which could allow a malicious or compromised API response to use path traversal sequences (e.g., `../../`) to overwrite arbitrary files on the user's system.
- [DATA_EXFILTRATION]: The `upload` action in `scripts/run_livedoc.mjs` reads local files based on paths provided to the tool and transmits them to `openapi.felo.ai`. While this is core functionality, it creates a risk where the agent could be manipulated into reading and exfiltrating sensitive local files if prompted by malicious input.
- [PROMPT_INJECTION]: The skill ingests and processes data from an external API, including document snippets and search results, which are then presented to the agent. This creates a surface for indirect prompt injection.
  - Ingestion points: Data returned by the `retrieve`, `content`, and `get-readme` actions in `scripts/run_livedoc.mjs`.
  - Boundary markers: Output from the API is not enclosed in delimiters or accompanied by instructions for the agent to ignore embedded commands.
  - Capability inventory: The skill possesses file read, file write, and network communication capabilities.
  - Sanitization: No validation, filtering, or escaping is performed on the content received from the remote API before it is rendered into the agent's context.