md-book
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the agent to clone a repository from `https://github.com/terraphim/md-book.git`. Because the 'terraphim' organization is not within the defined Trusted External Sources [TRUST-SCOPE-RULE], this constitutes a high-risk download of unverified code.
- [REMOTE_CODE_EXECUTION] (HIGH): Following the clone operation, the skill instructs the agent to execute `cargo build` and `cargo run`. This results in the compilation and execution of arbitrary code from the untrusted repository on the local system.
- [COMMAND_EXECUTION] (HIGH): The skill references and encourages the execution of local shell scripts provided by the untrusted repository, specifically `./scripts/setup-cloudflare.sh` and `./scripts/deploy.sh`, which could contain malicious commands.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill reads external markdown files from a user-specified input directory (`-i`).
  - Boundary markers: Absent. There are no delimiters or instructions provided to ensure the agent ignores natural language instructions embedded within the processed markdown files.
  - Capability inventory: The agent has the capability to write files to the disk (`-o`), execute build commands (`cargo`), and run deployment scripts.
  - Sanitization: While the tool disables raw HTML in output by default, there is no sanitization of the input markdown to prevent instructions from influencing the agent's logic during the documentation lifecycle.
Recommendations
- AI detected serious security threats
Audit Metadata