speed
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from arguments or previous conversation history, which could contain malicious instructions.
  - Ingestion points: `$ARGUMENTS` and the previous conversation response.
  - Boundary markers: Absent; the content is directly interpolated into a script tag.
  - Capability inventory: `Write`, `Bash`, and `Read` tools are available, allowing file modification and command execution.
  - Sanitization: Relies on the LLM to manually 'Escape quotes and backslashes for JavaScript', which is prone to error or bypass.
- [Dynamic Execution] (LOW): The skill generates executable JavaScript code at runtime by concatenating user input into a script block.
  - Evidence: The instruction to replace `<!-- CONTENT_PLACEHOLDER -->` with a `<script>` tag containing dynamic content.
- [Command Execution] (SAFE): The skill uses the `open` command via Bash to launch a local file. This is standard behavior for the intended functionality and does not involve privilege escalation or obfuscation.
Audit Metadata