markmind-exporter
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script using a shell heredoc pattern (cat <<'EOF') to pipe user-provided JSON. This creates a surface for command injection if the input content is not properly handled by the agent or if it contains the delimiter sequence.
- Ingestion points: Untrusted mindmap JSON is ingested from user input, external files, or prior skill outputs in SKILL.md (Step 2) and scripts/generate_markmind.py.
- Boundary markers: The workflow uses a shell heredoc with the delimiter 'EOF'. While quoting the delimiter prevents shell expansion of the content, it does not prevent a maliciously crafted input from terminating the heredoc early to inject subsequent shell commands.
- Capability inventory: The skill possesses file-write capabilities via the scripts/generate_markmind.py script, which writes generated markdown to the local filesystem.
- Sanitization: The Python script performs structural validation of the JSON (checking for 'root' and 'branches' keys) but does not sanitize the string content of nodes for markdown injection or control characters before writing to the output file.
Audit Metadata