sigma
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `open` command to launch the default web browser for viewing generated HTML learning roadmaps and visual summaries stored in the `sigma/` directory.
- [EXTERNAL_DOWNLOADS]: Generated HTML visualization templates include script and style references to `esm.sh`, a well-known CDN for JavaScript modules (React and Excalidraw).
- [PROMPT_INJECTION]: The skill processes untrusted user input, such as learning topics and question responses, which are then interpolated into session records and HTML visualizations, creating a potential surface for indirect prompt injection.
  - Ingestion points: User input for topics and responses defined in the tutoring loop in `SKILL.md`.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when writing user data to files.
  - Capability inventory: Local file system write access and execution of the `open` command.
  - Sanitization: No evidence of input escaping or validation before embedding external content into generated HTML or Markdown files.
Audit Metadata