midscene-yaml-generator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute local Node.js scripts (`scripts/health-check.js` and `scripts/midscene-run.js`) to verify the environment and execute generated automation workflows.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it transforms untrusted user-provided natural language into executable YAML configurations. These configurations have the capability to execute shell commands (`external_call: shell`) and JavaScript (`javascript:`), which could be exploited if a user provides malicious instructions.
- [PROMPT_INJECTION]:
  - Ingestion points: User-provided natural language descriptions of automation tasks.
  - Boundary markers: None identified; the skill processes the raw input string to generate structured YAML.
  - Capability inventory: Access to file system tools (`Read`, `Write`, `Edit`, `Bash`) and the ability to execute generated shell and JavaScript code through the automation runner.
  - Sanitization: Includes an explicit 'Safety Considerations' section that guides the AI to avoid generating destructive shell commands, prevent SSRF via `external_call: http`, and avoid exposing sensitive environment variables.
Audit Metadata