team-ideation
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs the Archivist agent to dynamically generate a Python build script (build_capsule.py) and subsequently execute it using python3 to render PDF documents from session data.
- [EXTERNAL_DOWNLOADS]: The skill performs runtime installation of several packages including weasyprint, pdfkit, and @mermaid-js/mermaid-cli from public registries (PyPI and NPM). It also includes a fallback mechanism that injects a Mermaid library script from a public CDN into the generated distribution web page.
- [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection due to its processing of untrusted external content.
  - Ingestion points: SKILL.md (Step 1: Capture Source Materials) and the Explorer agent utilize WebFetch and WebSearch to ingest data from user-provided URLs and files.
  - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands within the ingested content.
  - Capability inventory: The skill has broad capabilities including shell command execution (bash, pip, npx), dynamic script execution (python3), file system modification, and network access.
  - Sanitization: Absent; the content fetched from URLs is converted to markdown and processed directly by the agent team without validation or filtering.
- [COMMAND_EXECUTION]: The skill uses bash commands to modify agent environment configurations, create session directory structures, and execute package management tools.
Audit Metadata