Agentic Creator OS
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines an automated pipeline that invokes local shell commands using npm run (e.g., npm run publish:artifact, npm run pdf:build).
- These commands take <artifact-path> as an argument, which is a variable constructed from user-influenced 'slugs'.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core design as a research and processing engine.
- Ingestion points: Untrusted data enters the context via the 'Researcher' agent, which gathers external sources and stores them in sources.md for processing by the 'Writer' and 'Editor' agents.
- Boundary markers: Absent. The skill instructions do not provide delimiters or negative constraints to prevent the agent from obeying instructions embedded within the researched external content.
- Capability inventory: The orchestrator has the ability to perform file writes and execute multiple shell commands as part of its deployment and QA automation.
- Sanitization: Absent. There are no instructions for validating the external data or sanitizing the 'slug' values before they are interpolated into shell command strings.
Audit Metadata