shaoji-style-writer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructions include a template for executing a shell command: python scripts/generate_schematic.py "your diagram description" -o figures/output.png. This pattern is highly vulnerable to command injection if the user-provided 'diagram description' contains shell metacharacters (e.g., ; & | `).
- REMOTE_CODE_EXECUTION (MEDIUM): The skill relies on an external/missing script scripts/generate_schematic.py. Since the code for this script is not included in the skill package, its behavior cannot be verified, and it may perform unauthorized actions when called by the agent.
- INDIRECT PROMPT INJECTION (HIGH): Mandatory Evidence Chain for Category 8:
  - Ingestion points: User-provided natural language descriptions for diagrams (SKILL.md).
  - Boundary markers: None. The input is directly interpolated into a command string.
  - Capability inventory: Execution of subprocesses via python (SKILL.md).
  - Sanitization: None. The instructions suggest direct interpolation of user strings into the execution path.
Recommendations
- AI detected serious security threats
Audit Metadata