export-chatgpt
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/export_chatgpt.pydownloads HTML content fromchatgpt.comshare URLs using theurllib.requestlibrary. Since these downloads target a well-known service (OpenAI), the network operation is considered a neutral function of the skill. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface because it imports untrusted chat history from external URLs into the agent's workspace.
- Ingestion points: Content is ingested via the
fetch_htmlfunction inscripts/export_chatgpt.pyfrom user-provided URLs. - Boundary markers: The script employs dynamic Markdown code fences (via
compute_fence) to encapsulate and isolate message content, which helps distinguish it from other instructions. - Capability inventory: The script has the capability to perform network GET requests and write data to the local file system.
- Sanitization: No validation or sanitization of the conversation text is performed; the skill performs a direct export of the remote content.
Audit Metadata