runbook-generator
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/create-runbook.shscript utilizes a user-supplied path argument inmkdir -pandcpcommands without validation. This creates a path traversal vulnerability where the agent could be manipulated into writing files to unauthorized directories on the host system. - [PROMPT_INJECTION]: As a tool designed to generate executable scripts and markdown from natural language, the skill possesses an indirect prompt injection surface. (1) Ingestion points: User descriptions of runbook steps in SKILL.md. (2) Boundary markers: None identified in the script generation or template interpolation process. (3) Capability inventory: File system writes and shell script generation. (4) Sanitization: No input filtering or escaping is performed on user content before processing.
- [EXTERNAL_DOWNLOADS]: Installation instructions reference the author's GitHub repository via
npx, which is a standard distribution method for this vendor's tools and is documented neutrally.
Audit Metadata