defuddle
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions prompt the installation of the `defuddle-cli` package from the NPM registry. This package is the core tool described in the skill and originates from the skill's author context.
- [COMMAND_EXECUTION]: The skill utilizes shell commands for environment setup, tool verification, and file manipulation, including `npm install`, `defuddle`, `date`, and `which`.
- [PROMPT_INJECTION]: The skill's primary function is to fetch and process content from external web URLs. This creates a surface for indirect prompt injection where malicious instructions embedded in web pages could be ingested and acted upon by the agent.
  - Ingestion points: SKILL.md instructions for `defuddle <URL>` and local HTML processing.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded prompts are provided in the skill documentation.
  - Capability inventory: The agent can execute shell commands (`defuddle`, `npm`) and manipulate files, which are capabilities that could be targeted via indirect injection.
  - Sanitization: While the tool cleans structural 'clutter' such as HTML boilerplate, it does not implement semantic sanitization to filter out malicious natural language instructions.
Audit Metadata