Skills
skills/gpttang/skill-atlas/format-markdown/Gen Agent Trust Hub

format-markdown

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/autocorrect.ts executes a shell command using execSync that includes the filePath variable within double quotes. Since the variable is not escaped, a malicious filename containing shell metacharacters (e.g., backticks or dollar signs) could lead to arbitrary command execution on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill's instructions and scripts utilize npx to download and run bun and the autocorrect-node utility from the NPM registry at runtime. While these are established tools, performing remote downloads and execution at runtime is a noteworthy behavior.
  • [PROMPT_INJECTION]: The skill processes user-supplied markdown and plain text files, creating an indirect prompt injection surface. Maliciously crafted content in these files could attempt to influence the agent's behavior during analysis or if the formatted output is subsequently interpreted as instructions.
  • Ingestion points: Reads user-specified markdown/text files in the workflow described in SKILL.md.
  • Boundary markers: None explicitly defined to isolate processed content from instructions.
  • Capability inventory: File system writes (main.ts), shell command execution (SKILL.md), and sub-process execution via execSync (scripts/autocorrect.ts).
  • Sanitization: Uses the unified and remark libraries for structured markdown parsing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 11:10 AM
Security Audit — agent-trust-hub — format-markdown