webtoon-harness
Fail
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/install.shscript clones the full agent harness from an external, non-vetted repository:https://github.com/revfactory/webtoon-harness. - [COMMAND_EXECUTION]: The installation process involves executing a shell script that performs directory creation, git cloning, and file copying into the sensitive
.claude/project directory. - [REMOTE_CODE_EXECUTION]: By installing 27 agents and 6 methodology skills into the local
.claude/directory, the skill introduces unreviewed executable logic into the platform's environment. These agents are granted permissions likeBash,Read, andWrite, allowing them to execute arbitrary system commands. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. During Phase 2 (Research), the
scraplingskill is used to fetch live web data (platform rankings, reader reactions, and serialization structures). This untrusted external content is then processed by the agent team to influence the scenario and visual production phases. - Ingestion points: Phase 2 fetches live web data from external platforms via the
scraplingskill. - Boundary markers: The instructions lack mentions of explicit delimiters or instructions to ignore embedded commands within the fetched data.
- Capability inventory: The agent team has access to tools including
Bash,Read,Write, andAgent, allowing for subprocess execution and system modification. - Sanitization: No sanitization or validation of the fetched web data is described before it is synthesized into the planning brief.
Recommendations
- AI detected serious security threats
Audit Metadata