markdown-formatter

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute a shell command using a user-provided file path: 'python3 ~/.claude/skills/markdown-checker/scripts/check_markdown.py "文件路径"'. This is a direct command injection vector if the input path is manipulated with shell metacharacters (e.g., '; rm -rf /').
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill exposes an indirect prompt injection surface: it processes potentially malicious external content from web clippings (Twitter/X) while being able to run system scripts.
      1. Ingestion points: Web clippings and user-supplied file paths.
      2. Boundary markers: Absent; there are no instructions to distinguish data from instructions.
      3. Capability inventory: Execution of Python scripts via the shell.
      4. Sanitization: Absent; no validation or escaping of inputs is defined.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:20 PM