processing-markdown
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The 'mq' function reference documents a `read_file(path)` function. This allows the agent to read any file from the system, creating a risk that sensitive information, such as credentials or configuration files, could be accessed if the file path is influenced by malicious input.
- [COMMAND_EXECUTION]: The skill provides instructions for the 'mq' command-line interface, including flags like `-U` (update) and `-o` (output). These flags permit the agent to modify or write files, granting it broader control over the local environment beyond read-only operations.
- [PROMPT_INJECTION]: The skill processes untrusted Markdown content using a powerful query language, which is a significant surface for indirect prompt injection attacks.
  * Ingestion points: External Markdown files processed via 'mq' commands.
  * Boundary markers: The instructions lack delimiters or safety warnings to prevent the agent from obeying commands embedded in the processed data.
  * Capability inventory: Includes file reading (`read_file`), file writing (`-o`, `-U`), and complex transformation logic.
  * Sanitization: There is no mention of path validation or sanitization of Markdown content before it is processed.