md-book

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs cloning from 'https://github.com/terraphim/md-book.git', which is an untrusted third-party repository.
  • [REMOTE_CODE_EXECUTION] (HIGH): Instructions encourage building and running unverified code and scripts ('cargo build', 'cargo run', './scripts/setup-cloudflare.sh', './scripts/deploy.sh') from the untrusted repository.
  • [COMMAND_EXECUTION] (MEDIUM): Installation of the 'pagefind' binary via 'cargo install' executes unverified third-party code.
  • [PROMPT_INJECTION] (MEDIUM): Detection of an indirect prompt injection surface.
      1. Ingestion points: Markdown files in the input directory.
      2. Boundary markers: 'allow-html = false' configuration.
      3. Capability inventory: File writes, local server hosting, and deployment script execution.
      4. Sanitization: Default settings disable raw HTML processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:32 AM