link-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): The scripts in this skill use dynamic path manipulation to modify sys.path and load modules from a directory named 'shared' located four levels above the script's location. This behavior is risky as it escapes the skill's root directory to load unverifiable code from the host environment.
  - Evidence: sys.path.insert(0, str(Path(__file__).parent.parent.parent.parent / "shared")) found in scripts/analyze.py, scripts/http_checker.py, scripts/internal_links.py, and scripts/outbound_links.py.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data by parsing HTML files from a user-provided directory to extract links and build reports. This analysis surface could be exploited if an attacker places malicious instructions in the site's HTML that are then presented to the agent in the final report.
  - Ingestion points: Local HTML files parsed in InternalLinksChecker.analyze and OutboundLinksAnalyzer.analyze.
  - Boundary markers: Absent. The content of <a> tags and other HTML elements is read directly without delimiters or instruction-override protection.
  - Capability inventory: The skill can perform network requests (requests.get/head) and write various JSON and Markdown reports to the local filesystem.
  - Sanitization: Absent. The skill uses BeautifulSoup for parsing but does not sanitize or validate the extracted text before including it in reports.
- External Downloads (LOW): The skill performs automated network operations to validate external links. While this is the intended functionality of an HTTP checker, it involves making requests to arbitrary external domains found within the site content.
  - Evidence: The HTTPLinkChecker class in scripts/http_checker.py uses the requests library to perform HEAD and GET requests on external URLs.
Audit Metadata