panews-creator
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The workflow involves executing
npx --yes md4xorbunx md4xto convert Markdown to HTML. This pattern involves downloading and executing untrusted code from a public registry during runtime.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external sources without adequate sanitization or boundary markers.\n - Ingestion points: The skill fetches user details, column applications, and tag names from
https://universal-api.panewslab.comand reads local file content viacreate-article.mjs.\n - Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore instructions embedded in the API responses or file content.\n
- Capability inventory: The skill has file system access (
node:fs), network access (fetch), and the ability to execute shell commands via the agent workflow.\n - Sanitization: There is no evidence of filtering or validation of the text returned from the API or read from local files before it is passed to the agent context.\n- [DATA_EXFILTRATION]: The skill handles sensitive authentication tokens (
PA-User-Session). While these are sent only to the legitimate vendor domain (universal-api.panewslab.com), the management of these tokens from environment variables and user input represents a potential exposure surface.\n- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands for its core workflow, specifically for content formatting and conversion tasks.
Audit Metadata