knowledge-site-creator

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses extensive shell commands including mkdir, cd, cat, and git to automate the site generation and deployment process. It performs these actions using the vercel --prod --yes command, which bypasses deployment confirmations.
  • [REMOTE_CODE_EXECUTION]: The skill employs dynamic execution by constructing Python scripts and Node.js code blocks at runtime. These scripts are executed using shell redirection (python3 << 'PYEOF') and node -e. This includes evaluating (eval()) content generated by the agent based on user input, which poses a risk if user input influences the generated code logic.
  • [DATA_EXFILTRATION]: The skill's instructions and the update-css.sh script target a hardcoded directory within a specific user profile: /Users/joe/Dropbox/code/. Accessing and modifying specific paths within a user's home directory is considered an exposure risk.
  • [COMMAND_EXECUTION]: Indirect Prompt Injection Surface.
    • Ingestion points: User-provided topic string in the initial prompt.
    • Boundary markers: Absent during the generation of data files.
    • Capability inventory: Shell commands, Python/Node execution, Vercel deployment.
    • Sanitization: User input is not sanitized before being used to generate executable data or content for the site.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 16, 2026, 10:28 AM