pw-redbook-image

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute shell commands in Step 5, including node and brew. These commands incorporate a {topic-slug} variable derived from the article's title or content. If the transformation to kebab-case does not strictly strip shell metacharacters (e.g., semicolons, backticks), an attacker could supply a malicious title to achieve command injection.
  • EXTERNAL_DOWNLOADS (MEDIUM): Step 5 recommends executing brew install imagemagick, which downloads and installs third-party software from external repositories.
  • PROMPT_INJECTION (LOW): A Category 8 (Indirect Prompt Injection) vulnerability is present because the skill processes untrusted data from external URLs and local files.
    ◦ Ingestion points: SKILL.md (Step 1) specifies fetching content via URL (WebFetch) and reading local files (Read).
    ◦ Boundary markers: Absent; the skill does not use delimiters or instructions to prevent the agent from obeying commands embedded within the fetched article content.
    ◦ Capability inventory: Shell execution (Step 5), network access (WebFetch), and file system access (creating directories and writing prompt files).
    ◦ Sanitization: No sanitization or escaping of the ingested article content is mentioned before it is processed by the LLM or used in shell command strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:05 PM