paper-comic
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow relies on executing a script from an external skill directory using
npx -y bun "$SKILL_DIR/scripts/main.ts". This involves running code from a dynamically determined path on the local filesystem. - [EXTERNAL_DOWNLOADS]: The use of
npx -ycan trigger the automatic download of thebunruntime or other Node.js packages from the npm registry if they are not present on the host system. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from academic papers to drive the creative generation process.
- Ingestion points: The skill reads paper content from PDF or Markdown files provided by the user in Step 1 of the workflow.
- Boundary markers: There are no explicit delimiters or instructions provided to the LLM to ignore potentially malicious instructions embedded within the paper text during the storyboard and character design phases.
- Capability inventory: The skill has the capability to execute shell commands (via
npx) and generate files in the local filesystem. - Sanitization: No sanitization or filtering of the input paper content is mentioned before it is interpolated into prompts for generating outlines, characters, and image descriptions.
Audit Metadata