Skills
skills/ericgandrade/claude-superskills/webpage-reader/Gen Agent Trust Hub

webpage-reader

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's workflow includes an instruction to install the 'defuddle' npm package globally ('npm install -g defuddle') if it is not found on the host system.
  • [COMMAND_EXECUTION]: The skill uses the 'defuddle' command-line interface to parse URLs and supports writing the output to local files using the '-o' flag.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the web. Ingestion points: Content extracted from user-supplied URLs (SKILL.md). Boundary markers: Not present; the skill lacks instructions to wrap untrusted content in protective delimiters. Capability inventory: Subprocess execution of CLI tools and file-writing capabilities (SKILL.md). Sanitization: Not present; the skill does not specify any validation or filtering of the fetched web content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 08:33 PM