toon
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation recommends using `npx @toon-format/cli`, which fetches and executes code from the npm registry. The `@toon-format` organization is not a trusted source, creating a risk of executing malicious or compromised code.
- PROMPT_INJECTION (MEDIUM): This skill is specifically designed to ingest external data (e.g., from `curl`) and format it for the agent's context. This presents an indirect prompt injection surface. (1) Ingestion points: JSON data from `curl` pipes or local files; (2) Boundary markers: None present in the provided examples or instructions; (3) Capability inventory: The formatted output is explicitly intended for the LLM context to influence reasoning and reduce token usage; (4) Sanitization: No input validation or instruction filtering is mentioned.
- COMMAND_EXECUTION (LOW): The skill makes extensive use of shell piping and utilities like `curl` and `jq`, which is expected for data processing but increases the complexity of the execution environment.
Audit Metadata