skills/clementwalter/claudine/share/Gen Agent Trust Hub

share

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script uses subprocess.run to call the surf CLI tool for browser automation tasks, including navigation, tab listing, and JavaScript execution.
  • [EXTERNAL_DOWNLOADS]: The requests library is used to download remote image assets to inline them as base64 data URIs.
  • [PROMPT_INJECTION]: The skill processes untrusted data from local HTML files and URLs, presenting a risk of indirect prompt injection.
      • Ingestion points: Untrusted content enters the skill in html_to_share.py through file reading and surf-mediated URL fetching.
      • Boundary markers: There are no explicit boundary markers or warnings provided to the agent to treat the processed content as untrusted data.
      • Capability inventory: The skill can execute the surf CLI and write files to the user's Desktop and cache directories.
      • Sanitization: Content is cleaned via regex to remove tracking and navigation elements and processed through a Markdown converter, but no robust security sanitization is applied.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 10, 2026, 01:16 AM