ai-tech-fulltext-fetch

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches article content from URLs retrieved from a local SQLite database using Python's urllib.request.urlopen. It implements timeouts and response size limits to prevent resource exhaustion during network operations.
  • [COMMAND_EXECUTION]: Interacts with a local SQLite database file to manage article metadata and content. It utilizes the sqlite3 library with parameterized queries to prevent SQL injection and manages database state through initialization and sync commands.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and stores untrusted content from the web.
      • Ingestion points: The fetch_html function in scripts/fulltext_fetch.py retrieves content from arbitrary URLs stored in the entries table.
      • Boundary markers: Absent. Extracted text is stored in the entry_content table without specific delimiters or warnings for downstream agents.
      • Capability inventory: The script can perform network requests and write to the local filesystem via SQLite.
      • Sanitization: Uses the trafilatura library or a custom HTMLParser to extract plain text, which removes HTML tags but does not filter the semantic content of the retrieved text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:09 PM