office
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The agent instructions in 'agents/office-docs.md' explicitly direct the agent to 'Execute silently - run the script, don't show the code'. This removes the safety barrier of user review, allowing potentially malicious generated code to run undetected.
- [COMMAND_EXECUTION]: The skill's primary workflow involves the agent writing a custom TypeScript file to a temporary path ('/tmp/generate-doc.ts') and executing it using 'npx tsx'. This dynamic code generation and execution pattern is a high-risk activity when review is bypassed.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Because user-provided content is interpolated into the 'data/content sections' of the generated script without sanitization, an attacker could provide input designed to 'break out' of string literals and execute arbitrary system commands during the script's execution phase.
- [PROMPT_INJECTION]: The agent instructions lack mandatory sanitization logic or boundary markers (delimiters) to separate untrusted user data from the executable script logic, increasing the likelihood of successful injection attacks.
Audit Metadata