pdf2audio-minimax
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs a shell command (mv) using variables derived from untrusted external sources, specifically the PDF file's parent directory name (STORY_NAME) and the text content of the PDF itself (CHAPTER_TITLE). Because these variables are interpolated into a command string without sanitization, an attacker can include shell metacharacters like semicolons, backticks, or pipes to execute arbitrary commands.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface. It ingests untrusted text from a PDF file (Step 3) and uses that data to perform file system operations (Step 6) without sanitization or boundary markers to prevent the agent from interpreting control characters embedded in the content.
Recommendations
- AI detected serious security threats
Audit Metadata