mdx-article-publisher
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- Command Execution (LOW): The skill is designed to execute shell commands including npm run build, pnpm build:docs, and git push. These are standard for documentation publishing but allow the execution of arbitrary scripts defined in the local project's configuration files and the transmission of data to remote repositories.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from MDX files to generate semantic commits and validation reports. Content within these files could be crafted to influence the agent's behavior during the automated workflow.
  - Ingestion points: scripts/validate_mdx.py and scripts/publish_article.py read and parse content from user-provided .mdx file paths.
  - Boundary markers: No explicit boundary delimiters or 'ignore' instructions are provided in the prompt logic to separate file content from agent instructions.
  - Capability inventory: The skill has the ability to perform file system reads, execute build scripts via npm, and push data via git.
  - Sanitization: The validator focuses on syntax correctness (e.g., escaping operators) but does not sanitize for instructional patterns that might affect the LLM.
- Data Exfiltration (LOW): The core functionality includes git push, which transmits local file content to a remote repository. If an attacker influences the file paths passed to the script, sensitive information could be accidentally committed and exfiltrated.
- External Downloads (LOW): The documentation instructs users to run npm install and pip install, which download dependencies from external registries. While standard, this is a vector for dependency-related risks.
Audit Metadata