case-study
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates a Node.js script (`generate-case-study.js`) at runtime to build the PPTX file. This script is then executed via the command line using `node`. This pattern is inherently risky as it executes code constructed from potentially untrusted inputs.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to install dependencies (`npm install`, `pip install`) and run diagnostic tools (`python -m markitdown`). While the packages are well-known, the broad capability to run shell commands increases the attack surface.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection. It ingests large amounts of untrusted data from user-provided transcripts, notes, and website fetches. This content is used to fill a narrative template and directly influences the generation of the Node.js script in Phase 5, which could lead to code injection if the LLM does not properly sanitize the extracted data.
- [EXTERNAL_DOWNLOADS]: The skill uses `WebFetch` or browser automation to retrieve HTML and CSS from user-provided URLs. This functionality could be exploited for Server-Side Request Forgery (SSRF) if an attacker provides a URL targeting sensitive internal network resources.
Audit Metadata