content-digest
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to process data. It uses yt-dlp for YouTube subtitle extraction and a pipeline of Unix utilities (sed, tr, grep) for text cleaning. It also runs a local Python script to fetch social media content.
- [EXTERNAL_DOWNLOADS]: The skill downloads content from external sources including YouTube, X/Twitter, and general webpages. It uses browser automation tools to navigate and retrieve text from dynamic websites.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted external content.
  - Ingestion points: Untrusted data enters the agent through YouTube transcripts, scraped webpage text, social media API responses, and local PDF documents.
  - Boundary markers: There are no explicit delimiters or instructions provided to the subagents to ignore or isolate potential commands embedded within the summarized content.
  - Capability inventory: The skill has access to subagent creation, file system writes in specific research directories, web search capabilities, and shell command execution.
  - Sanitization: Sanitization is restricted to removing formatting elements like timestamps and HTML tags, but it does not sanitize for instructional text that could influence the LLM's behavior.
Audit Metadata