openpress
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages workspace operations by executing local Node.js scripts (`node engine/cli.mjs`) and npm scripts (`npm run build`, `npm run dev`, `npm run openpress:pdf`). These are used for validation, rendering, and export tasks.
- [EXTERNAL_DOWNLOADS]: It provides instructions for bootstrapping new environments using `npm create @open-press`, which involves fetching the framework's creation tool from the npm registry.
- [PROMPT_INJECTION]: The skill processes user-controlled MDX source files, creating an indirect prompt injection surface.
  - Ingestion points: Source text within the `press/` directory.
  - Boundary markers: None identified for distinguishing content from instructions.
  - Capability inventory: Subprocess execution via `npm`/`node` and file modification via `replace`.
  - Sanitization: Relies on human-in-the-loop verification (previewing replacements) rather than automated filtering.
Audit Metadata