pst-generate
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill implements a workflow that reads code from a manifest file, writes it to the local file system, and then executes it using a test runner. This pattern allows for the execution of any code contained within the plan file.
- [COMMAND_EXECUTION]: Utilizes npx playwright test to run generated scripts, which involves executing shell commands with arguments derived from external data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect injection as it processes untrusted data from session plans to perform sensitive operations. Ingestion points: .pst/sessions/[name]/plan.md. Boundary markers: Absent; the skill is instructed to follow the manifest instructions without validation. Capability inventory: Arbitrary file creation and command execution via npx. Sanitization: None; the skill uses the 'exact, complete content' provided in the plan file.
Audit Metadata