Skills
skills/lum1104/understand-anything/understand-dashboard/Gen Agent Trust Hub

understand-dashboard

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute multi-line script logic for path resolution, environment verification, and managing the build/execution lifecycle of the dashboard.
  • [EXTERNAL_DOWNLOADS]: Invokes pnpm install which fetches packages from the public npm registry to set up the dashboard environment.
  • [REMOTE_CODE_EXECUTION]: Automatically runs pnpm build and npx vite, executing code within the dynamically resolved dashboard directory.
  • [PROMPT_INJECTION]: The skill processes project-specific data from knowledge-graph.json without explicit boundary markers or sanitization, creating an indirect prompt injection surface. Evidence: 1. Ingestion point: .understand-anything/knowledge-graph.json (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: Shell execution via Bash tool (pnpm, npx, realpath) in SKILL.md; 4. Sanitization: Absent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 26, 2026, 08:19 AM