tech-article-humanizer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted article source materials while possessing file-write and execution capabilities.
  1. Ingestion points: User-provided content or file paths in the Workflow section of SKILL.md.
  2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands.
  3. Capability inventory: The agent has the ability to write files to the 'outputs/' directory and execute the 'scripts/validate_article.py' script via subprocess.
  4. Sanitization: Absent; no validation or escaping of input content or paths is defined.
- [COMMAND_EXECUTION] (MEDIUM): The validation command 'python scripts/validate_article.py outputs/YYYYMMDD-{topic-slug}.md' is susceptible to command injection if the '{topic-slug}', which is derived from user-influenced content or titles, is not strictly sanitized before being passed to the shell.
- [DATA_EXFILTRATION] (MEDIUM): The skill prompts the user to provide a 'file path' for source material. Without path validation or restriction to a sandbox, an attacker could provide paths to sensitive system files (e.g., ~/.ssh/id_rsa), leading to unauthorized data exposure when the agent reads and 'humanizes' the content.
Recommendations
- AI detected serious security threats
Audit Metadata