playground
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run the `open` command on a generated HTML file to launch it in the user's default web browser. While this is the intended functionality for a playground builder, it involves the execution of system commands on dynamically created content.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface through its 'copy-back' design, where a user interacts with a generated tool to produce a prompt that is subsequently fed back into the AI agent.
  - Ingestion points: Untrusted data enters the system through user-provided content such as codebase architecture descriptions, code diffs, or documents to be critiqued, which are processed using the templates in the `templates/` directory.
  - Boundary markers: The templates (e.g., `templates/document-critique.md` and `templates/diff-review.md`) do not implement boundary markers or instructions to the LLM to ignore potentially malicious embedded content in the generated prompt.
  - Capability inventory: The skill generates HTML/JavaScript files and invokes the system `open` command.
  - Sanitization: There is no evidence of sanitization or escaping of user-provided feedback or notes before they are interpolated into the generated prompt string within the playground's logic.
Audit Metadata