softcopyright
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Scripts such as `auto-print-pdf.js` and `system-chrome-pdf.js` utilize `exec` and `execSync` to open generated HTML files in system browsers. The file paths for these commands are constructed from project directory names without proper shell escaping, which could allow for command injection if the skill is executed on a maliciously named directory.
- [EXTERNAL_DOWNLOADS] (LOW): The `FontManager` class in `scripts/font-manager.js` downloads font files from external sources including Google and GitHub to support the rendering of Chinese characters in PDF output.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The utility `scripts/auto-print-pdf.js` injects JavaScript into local HTML files and then triggers the system browser to execute them. This behavior, while intended for the 'auto-print' feature, creates a risk where malicious project data could influence browser-side execution.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted project source code and configuration files. Ingestion points occur via `scripts/scanner.js`. There are no specific boundary markers or instructions to prevent the agent from following commands embedded within the processed code. Capabilities include file system manipulation and subprocess execution. Sanitization is limited to basic filename character replacement.
Audit Metadata