figlet-text-converter
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script `scripts/process-file.js` is vulnerable to command injection via unsanitized file content.
  - Evidence: In `scripts/process-file.js`, the `generateAsciiArt` function interpolates the `text` variable directly into a shell command template: ``execSync(`npx figlet ${fontFlag} "${text}"`, ...)``. The `text` variable is extracted directly from the user-provided file content via regex.
  - Attack Vector: An attacker can provide a file containing a tag such as `<figlet>"; malicious_command; #</figlet>`, which will execute `malicious_command` on the host system when processed.
- [COMMAND_EXECUTION] (HIGH): The script `scripts/list-fonts.js` contains an identical command injection vulnerability in its own `generateAsciiArt` function.
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses `npx` to run the `figlet` package, which may result in downloading and executing code from the npm registry at runtime.
  - Evidence: Both `process-file.js` and `list-fonts.js` use `npx figlet` for their core functionality.
  - Risk: This introduces a dependency on the external npm registry's availability and integrity at execution time.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection by processing untrusted data that reaches a privileged sink.
  - Ingestion points: `scripts/process-file.js` reads arbitrary file content using `fs.readFileSync`.
  - Boundary markers: The skill uses `<figlet>` tags but fails to escape or sanitize the content within them.
  - Capability inventory: The skill possesses `child_process.execSync` (shell execution) and `fs.writeFileSync` (file system write) capabilities.
  - Sanitization: No sanitization or validation is performed on the extracted tag content before it is passed to the shell.
Recommendations
- AI detected serious security threats
Audit Metadata