toon-format
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion and conversion of external data (JSON or TOON) for use in LLM context, which presents an attack surface for indirect prompt injection.
  - Ingestion points: The `scripts/toon_convert.py` script reads data from external files or standard input.
  - Boundary markers: The skill instructions in `SKILL.md` recommend wrapping TOON data in specific code fences (e.g., ```toon) to help the model distinguish data from instructions.
  - Capability inventory: The skill can execute external conversion tools and provide processed text to the LLM context.
  - Sanitization: No content-level validation or sanitization is performed on the data being converted to prevent embedded instructions from influencing the model.
- [COMMAND_EXECUTION]: The Python wrapper script executes external commands to perform data conversion.
  - Location: `scripts/toon_convert.py`
  - Detail: The script uses `subprocess.run` with a list-based argument structure and no shell execution, which is a secure method for calling external processes.
- [EXTERNAL_DOWNLOADS]: The skill relies on external software packages for its core functionality.
  - Location: `scripts/toon_convert.py`, `SKILL.md`
  - Detail: The skill uses `npx` to run the `@toon-format/cli` package from the npm registry. This package is the official tool for the format described and is associated with the skill's author.
Audit Metadata