genie-editor-cli-workflow

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @axhub/genie package from the NPM registry to enable its core functionality.
  • [COMMAND_EXECUTION]: The skill uses npx @axhub/genie to interact with a local service, providing it with access to the project's working directory through the --cwd parameter and writing screenshots to local directories.
  • [PROMPT_INJECTION]: The skill processes untrusted data from an external editor and is vulnerable to indirect prompt injection.
    • Ingestion points: Data retrieved via CLI commands such as editor nodes list and snapshot, including element labels and task notes (found in SKILL.md and references/cli-reference.md).
    • Boundary markers: No explicit delimiters or instructions are provided to isolate the data retrieved from the editor from the agent's instructions.
    • Capability inventory: The agent is instructed to implement code changes in the user's project based on information retrieved from the external service.
    • Sanitization: The skill does not specify any validation or sanitization of the input content before it is used to drive code modifications.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 20, 2026, 06:31 AM