knowledge-absorber

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/content_ingester.py executes pip install via subprocess.check_call to manage dependencies and uses os.execv to perform process replacement for restarting the script.
  • [EXTERNAL_DOWNLOADS]: Automatically installs Python packages from requirements.txt at runtime and fetches content from user-provided URLs using requests and the DrissionPage browser automation library.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves content from external URLs or files and incorporates it into the agent context for processing.
    • Ingestion points: content_ingester.py (fetches content from user-provided URLs or local paths).
    • Boundary markers: Uses a basic text delimiter (=== CONTENT ===) but lacks explicit instructions to the model to ignore instructions embedded in the source data.
    • Capability inventory: The agent can create directories (mkdir) and write arbitrary Markdown and HTML files to the project root.
    • Sanitization: Employs html2text for basic HTML cleaning, which does not filter out malicious natural language instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 24, 2026, 03:17 PM