one-stack-newsletter-assets
Warn
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates Python scripts (
build_thumbnail.pyandbuild_excalidraw.py) locally and executes them using thepython3command to generate images and JSON diagrams.\n- [COMMAND_EXECUTION]: The skill performs shell-based interactions with Git, such asgit addandgit commit, to manage assets in the local repository.\n- [COMMAND_EXECUTION]: The skill accesses the local filesystem using hardcoded absolute paths specific to the author (e.g.,/Users/reymerekar/Desktop/...) to read brand configuration and write output.\n- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install thePillowpackage from the Python Package Index (PyPI).\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from local configuration and philosophy files to influence the generation of executable Python code.\n - Ingestion points: Reads branding and style context from files located in
branding/and existing issue folders.\n - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between trusted instructions and data read from the local files.\n
- Capability inventory: The skill possesses the capability to write to the local filesystem, execute Python scripts via shell, and perform Git operations.\n
- Sanitization: No sanitization or validation is applied to the content of ingested files before it is used in the script generation process.
Audit Metadata