Skills
skills/dedalus-erp-pas/foundation-skills/article-extractor/Gen Agent Trust Hub

article-extractor

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from arbitrary external URLs.
  • Ingestion points: Content is fetched from user-provided URLs using curl, reader, or trafilatura as described in SKILL.md.
  • Boundary markers: Absent. The extracted content is displayed as a preview and saved to a file without clear delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill utilizes Bash for file operations and Write for saving content (as defined in SKILL.md).
  • Sanitization: While filenames are sanitized for filesystem compatibility, the extracted article text itself is not sanitized or filtered for malicious instructions.
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing external dependencies to achieve its functionality.
  • Findings: Suggests installing reader-cli and @mozilla/readability-cli via npm, and trafilatura via pip. While Mozilla and Trafilatura are well-known, third-party packages like reader-cli should be manually verified before installation.
  • [COMMAND_EXECUTION]: The skill executes shell commands and Python scripts via Bash to handle data.
  • Findings: Uses python3 -c to run embedded scripts for HTML and JSON parsing. It employs variables like $ARTICLE_URL within shell commands. While it uses double quotes to mitigate simple shell injection, safety depends on the agent providing a valid URL.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 07:53 AM