design-archivist

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to systematically crawl and process content from up to 1000 external web pages.
    • Ingestion points: Data enters the agent context from external domains via the WebFetch and WebSearch tools during the Systematic Crawling phase described in SKILL.md.
    • Boundary markers: The instructions do not include specific boundary markers or instructions to the agent to disregard potential commands found within the HTML or metadata of analyzed sites.
    • Capability inventory: The skill utilizes Read, Write, WebSearch, and WebFetch tools, providing the ability to fetch external data and write to the local filesystem.
    • Sanitization: No specific content sanitization or filtering logic is mentioned to clean retrieved HTML before it is processed by the model for Visual DNA extraction.
  • [COMMAND_EXECUTION]: The skill package contains a shell script located at scripts/validate_archive.sh. This script uses the jq utility to validate the structure of the generated JSON database. While the script performs benign local validation tasks, it represents a command execution surface within the skill's infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 02:02 PM