site-content-catalog
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external websites. \n
- Ingestion points: The script
scripts/catalog_content.pyfetches content fromsitemap.xml, RSS feeds, and HTML bodies of any domain provided by the user. \n - Boundary markers: There are no explicit delimiters or instructions to treat the crawled content strictly as data rather than instructions. \n
- Capability inventory: The script can perform arbitrary network requests to external domains and write cataloged results to the local file system. \n
- Sanitization: The script uses basic regex-based extraction; it does not sanitize fetched content to prevent it from containing malicious instructions targeted at the agent. \n- [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve website data and interact with external services. \n
- Details: It communicates with user-specified domains to fetch sitemaps and content, and it makes API calls to
api.apify.comfor advanced sitemap extraction.
Audit Metadata