speed
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from
$ARGUMENTSor previous conversation history and interpolates it directly into a JavaScript context within a local HTML file. * Ingestion points:$ARGUMENTSand conversation history (SKILL.md). * Boundary markers: Absent. * Capability inventory: Uses the 'Write' tool to modify~/.claude/skills/speed/data/reader.htmland the 'Bash' tool to execute theopencommand. * Sanitization: Relies on the agent to manually 'Escape quotes and backslashes', which is an unreliable security control against adversarial input designed to break out of JavaScript string literals. - [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to run the
opencommand on a local file path. This action triggers the execution of the dynamically generated HTML/JavaScript content in the user's default web browser.
Audit Metadata