ljg-explain-words
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like 'open', 'xdg-open', or 'start' to display the generated HTML file. These commands use a filename constructed directly from user input, creating a risk of command injection if the input contains shell-sensitive characters like semicolons or backticks.
- [EXTERNAL_DOWNLOADS]: The skill loads the Mermaid.js library from JSDelivr, which is a well-known and trusted service. This is a standard practice for including visualization features and does not pose a direct threat.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it handles untrusted user input without sufficient validation or isolation.
  - Ingestion points: The user-provided 'word' variable used throughout the skill's logic.
  - Boundary markers: No specific delimiters or safety instructions are present to prevent the agent from misinterpreting instructions hidden within the input word.
  - Capability inventory: The skill has the ability to write local files and execute system-level commands to open those files.
  - Sanitization: While the instructions suggest changing the word's case, they do not include any steps to sanitize or escape characters that are dangerous to the shell.
Audit Metadata