upload-chapter-slides
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill takes several user-provided inputs (pdf_path, title, name) and interpolates them directly into a Bash command string in Step 3 (uv run python scripts/upload_asset.py --file "{pdf_path}" ...). If these inputs contain shell metacharacters like backticks, semicolons, or pipe symbols, it could allow an attacker to execute arbitrary commands on the system.
- DATA_EXPOSURE (LOW): The Path Constants section contains hardcoded absolute paths (/Users/mjs/Documents/...) which reveal the specific username and directory structure of the host machine. This is a best-practice violation and a minor information leak.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted user data (Step 1) and writes it into a README.md file (Step 4) without explicit sanitization or boundary markers. While the primary risk is the execution flow, the data interpolation into YAML frontmatter could potentially disrupt downstream processes that parse the README.
- Ingestion points: User arguments pdf_path, chapter_num, title, name.
- Boundary markers: None present.
- Capability inventory: Uses Bash for execution and Edit for file modification.
- Sanitization: None described in the workflow; arguments are used as-is.
Audit Metadata