ad-compliance-review
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
SKILL.mdfile instructs the agent to execute the local scriptscripts/generate_report.js. This script useschild_process.execSyncto run the system commandnpm config get prefix. It also usesfs.writeFileSyncto write files to locations specified by command-line arguments, which could be manipulated to overwrite local files if not properly sandboxed. - [EXTERNAL_DOWNLOADS]: The script
scripts/generate_report.jsrelies on the external Node.js packagedocx. The skill does not provide apackage.jsonfile, meaning the dependency version is not locked, posing a potential supply chain risk. - [COMMAND_EXECUTION]: The reporting script dynamically modifies the module search path (
module.paths.unshift) using a path derived at runtime from system command output, which is a form of dynamic execution logic. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted advertising content into its processing pipeline without boundary markers or sanitization. Combined with its file-writing and command execution capabilities (found in
scripts/generate_report.js), this allows malicious input to potentially influence the agent's report generation and file-handling behavior. Evidence includes: (1) Ingestion inSKILL.mdworkflow, (2) Lack of boundary markers, (3) Capability inventory includes file-writing andexecSyncinscripts/generate_report.js, (4) No sanitization is specified.
Audit Metadata