xmind
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill frequently executes a local Python script (
scripts/xmind_tool.py) usingsubprocesspatterns to manage XMind files. While these are controlled internal calls, they involve shell execution. - Evidence (SKILL.md): Calls like
python skills/xmind/scripts/xmind_tool.py --session <session-id> parse <file.xmind>are used across all major scenarios. - [DATA_EXFILTRATION] (SAFE): The skill reads and writes files on the local filesystem (specifically in
/tmp/skills-xmind-parsed/). However, there are no network operations or external data transmissions detected in the provided markdown instructions. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it parses external
.xmindfiles and converts them into Markdown for the agent's memory. - Ingestion Point:
python ... parse <file.xmind>reads external untrusted files. - Boundary Markers: None explicitly mentioned in the instructions to separate parsed content from system instructions.
- Capability Inventory: Includes file reading, file writing, and command execution via the tool script.
- Sanitization: No mention of sanitizing the content extracted from XMind files before presenting it to the LLM.
Audit Metadata