interactive-study-guide
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The workflow in Step 2 explicitly runs
bash scripts/scaffold.sh. Executing shell scripts bundled within a skill is a high-risk activity as the script's contents are opaque to the agent's primary safety filters and can perform arbitrary system modifications. - [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points: It accepts a path to an external markdown study guide (Step 1).
- Boundary markers: None. The skill parses the file based on heading patterns but does not include delimiters or instructions to ignore embedded commands.
- Capability inventory: It has the power to run shell scripts, install npm packages, and launch a web server (
npx vite). - Sanitization: None mentioned. Malicious markdown content could inject scripts into the generated SPA (XSS) or attempt to influence the scaffolding process.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs
npm installin Step 2. This downloads and executes code from the npm registry. While common for development, these dependencies are unverifiable and could be subject to supply chain attacks, especially if thescaffold.shscript specifies obscure packages. - [REMOTE_CODE_EXECUTION] (MEDIUM): Step 5 executes
npx vite --open. Running a local server and automatically opening a browser on generated code (which may contain injected content from the input markdown) facilitates the execution of potentially malicious web-based payloads.
Recommendations
- AI detected serious security threats
Audit Metadata