content-extract
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external URLs, creating an indirect prompt injection surface.\n
- Ingestion points: Content is retrieved from remote URLs supplied via the
args.urlargument inscripts/content_extract.py.\n - Boundary markers: The skill does not implement boundary markers or instructions to isolate retrieved content from the agent's logic.\n
- Capability inventory: The skill can execute subprocesses via
scripts/content_extract.pyand perform network operations.\n - Sanitization: There is no evidence of sanitization or filtering of the extracted Markdown content to remove potentially malicious instructions.\n- [COMMAND_EXECUTION]: The script
scripts/content_extract.pyexecutes an external script using a path determined at runtime.\n - Evidence: The
_find_mineru_wrapperfunction dynamically computes the path to a sibling skill's script (mineru_parse_documents.py) based on the filesystem layout or environment variables.
Audit Metadata