playground

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the open command to launch generated HTML files in the browser. Additionally, the diff-review template suggests using git show to fetch commit data, which involves executing shell commands with variable parameters.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it processes untrusted external data such as codebases, git diffs, and documents to populate playgrounds.
  • Ingestion points: External content is read from files and git history in templates such as diff-review.md and document-critique.md.
  • Boundary markers: There are no explicit instructions for the agent to use boundary markers or to ignore embedded instructions within the ingested data.
  • Capability inventory: The skill possesses the ability to execute shell commands (open, git) and to generate executable HTML/JS.
  • Sanitization: The instructions lack guidance on sanitizing or escaping the ingested content before it is rendered into the HTML playground, potentially allowing for Cross-Site Scripting (XSS) in the user's local browser environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:32 AM