youmind-webpage-generator
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The workflow in `SKILL.md` (Step 3) performs direct string interpolation of user-provided descriptions into a `youmind call` shell command. This creates a command injection vulnerability where shell metacharacters or single quotes in the description could be exploited to execute arbitrary commands on the host system.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@youmind-ai/cli` package. While this is a vendor-owned resource, global installation of external binaries increases the attack surface of the environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the ingestion of untrusted data into a high-capability workflow.
  - Ingestion points: User description input processed in Step 3 of `SKILL.md`.
  - Boundary markers: None; the description is interpolated directly into a JSON payload within a shell command.
  - Capability inventory: Bash command execution, vendor API interaction via CLI, and Node.js execution.
  - Sanitization: No validation or escaping is applied to the description before interpolation.
- [COMMAND_EXECUTION]: Step 5 of the workflow uses `node -e` to execute a script for parsing JSON results. Although the script logic appears benign, the use of dynamic execution to handle external data is a security-sensitive practice.