webtoon-harness

Fail

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/install.sh script clones the full agent harness from an external, non-vetted repository: https://github.com/revfactory/webtoon-harness.
  • [COMMAND_EXECUTION]: The installation process involves executing a shell script that performs directory creation, git cloning, and file copying into the sensitive .claude/ project directory.
  • [REMOTE_CODE_EXECUTION]: By installing 27 agents and 6 methodology skills into the local .claude/ directory, the skill introduces unreviewed executable logic into the platform's environment. These agents are granted permissions like Bash, Read, and Write, allowing them to execute arbitrary system commands.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. During Phase 2 (Research), the scrapling skill is used to fetch live web data (platform rankings, reader reactions, and serialization structures). This untrusted external content is then processed by the agent team to influence the scenario and visual production phases.
  • Ingestion points: Phase 2 fetches live web data from external platforms via the scrapling skill.
  • Boundary markers: The instructions lack mentions of explicit delimiters or instructions to ignore embedded commands within the fetched data.
  • Capability inventory: The agent team has access to tools including Bash, Read, Write, and Agent, allowing for subprocess execution and system modification.
  • Sanitization: No sanitization or validation of the fetched web data is described before it is synthesized into the planning brief.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 30, 2026, 04:50 AM
Security Audit — agent-trust-hub — webtoon-harness