claude-typer
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow defined in `SKILL.md` uses an unsafe bash template: `/usr/local/bin/python3 "$skill_dir/scripts/render_claude_typer.py" "<prompt>"`.
  - Directly interpolating user-supplied input into a shell command string allows for command injection if the input contains shell metacharacters like backticks, semicolons, or dollar signs.
- [REMOTE_CODE_EXECUTION]: The script `scripts/render_claude_typer.py` renders content from `https://www.laosunwendao.com` using the Remotion CLI.
  - This involves executing JavaScript from an external, non-trusted source within a headless browser environment, which could be leveraged to exploit the local system or access sensitive files.
- [PROMPT_INJECTION]: The inclusion of a `--runner-prefix` argument allows the agent to define the base command used for execution.
  - This high-privilege capability can be manipulated through prompt injection to trick the agent into executing arbitrary shell commands instead of the intended rendering tools.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes packages from the npm registry at runtime and fetches composition data from a third-party domain.
  - It uses `npx` to download `@remotion/cli` and `@remotion/tailwind-v4` from npm, and fetches assets from `https://www.laosunwendao.com`, which is not a recognized trusted vendor or well-known service.