Gen Agent Trust Hub audit report for skill: playground (skills/smithery/ai/playground)

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection. The skill's primary purpose is to ingest untrusted external data (documents, git diffs, pull requests) to build interactive playgrounds.
  • Ingestion points: templates/document-critique.md and templates/diff-review.md ingest external documents and codebases into the agent context.
  • Capability inventory: The skill writes a local HTML file and then executes a shell command to open it.
  • Sanitization: No sanitization or escaping instructions are provided to handle malicious input within the external documents.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are specified.
  • COMMAND_EXECUTION (HIGH): The skill explicitly directs the agent to run "open <filename>.html" in the user's terminal, which automatically launches the generated file in the default browser. If the generated file contains malicious scripts derived from poisoned input, the agent facilitates local execution of those scripts.
  • DATA_EXFILTRATION (MEDIUM): Because the skill generates and opens HTML files locally, injected JavaScript could potentially attempt to exfiltrate sensitive data from the browser environment or local session context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:33 AM