toon
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill installation instructions require copying a local script ('scripts/toon') and setting execution permissions ('chmod +x'). The content of the script was not provided in the skill files for verification.\n- EXTERNAL_DOWNLOADS (LOW): The utility relies on 'npx' to run '@toon-format/cli' from the npm registry, which is an external and unverifiable dependency.\n- PROMPT_INJECTION (LOW): The skill presents a surface for Indirect Prompt Injection (Category 8).\n
- Ingestion points: Processes arbitrary JSON data from stdin via pipes from external sources like 'curl'.\n
- Boundary markers: No explicit delimiters or boundary instructions are provided to separate untrusted JSON data from the system prompt.\n
- Capability inventory: The skill transforms external data and prepares it for inclusion in the agent's context window.\n
- Sanitization: There is no evidence of input sanitization or schema validation for the JSON data being processed.
Audit Metadata