ljg-xray-prompt
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to run the 'open' command on macOS to launch a generated HTML file (/tmp/ljg_xray_prompt_analysis_result.html). Executing shell commands based on dynamically generated content is a security-sensitive action.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  1. Ingestion points: User input is processed and embedded in a local file.
  2. Boundary markers: No delimiters or ignore instructions are present in the template.
  3. Capability inventory: The skill can write files and execute system commands.
  4. Sanitization: The instructions lack requirements for escaping or sanitizing user-provided strings before insertion into the HTML, which may allow malicious content to be interpreted as HTML or JavaScript when the file is opened.
- [EXTERNAL_DOWNLOADS]: The skill's HTML template references Google Fonts (fonts.googleapis.com), which is a well-known and trusted external service.