Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'markdown' Python package via 'pip install markdown'. This is a well-known package from a standard registry.
- [COMMAND_EXECUTION]: The `assemble.py` script executes a local preview server (`preview-server.py`) using `os.execvp`. This is a legitimate part of the skill's primary functionality to provide a local preview.
- [PROMPT_INJECTION]: The skill processes `.fragment.md` files that may contain untrusted data, creating an attack surface for indirect prompt injection.
  - Ingestion points: The `scripts/assemble.py` script and the defined Edit Workflow read content from `.fragment.md` files into the agent's context.
  - Boundary markers: There are no explicit boundary markers or instructions in the skill's logic to prevent the agent from interpreting embedded instructions within the fragments as authoritative.
  - Capability inventory: The skill has tool permissions for `Read`, `Write`, `Edit`, and `Bash`, which allow it to manage files and execute the local preview server.
  - Sanitization: No sanitization or validation of the input Markdown or embedded HTML is performed, allowing for potentially malicious content to be rendered or read back by the agent.
Audit Metadata