wxarticle_creator

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow for submitting articles uses the wxcli command with direct string interpolation of the user-supplied <title> and generated <html> content (e.g., wxcli draft add --title "<title>" --content "<html>"). Without rigorous sanitization or the use of safe execution APIs, this pattern is susceptible to command injection if the input contains shell metacharacters like backticks, dollar signs, or escaped quotes.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and executes the markdown-to-html-cli package at runtime using npx. While the NPM registry is a well-known service, this creates a dependency on external code that is executed with the agent's privileges.
  • [PROMPT_INJECTION]: The skill processes untrusted user data (draft) to generate Markdown and HTML, creating an indirect prompt injection vulnerability surface.
    • Ingestion points: The draft and title inputs defined in SKILL.md are the primary entry points for untrusted data.
    • Boundary markers: The instructions do not define delimiters or specific "ignore embedded instructions" warnings when processing the draft.
    • Capability inventory: The skill has the ability to write files to /tmp and execute shell commands via npx and wxcli.
    • Sanitization: There are no explicit sanitization or escaping steps defined before the content is passed to the CLI tools or the shell environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 06:26 PM