fumadocs-article-importer
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external URLs using the Jina MCP `read_url` tool. An attacker could host a malicious article designed to manipulate the agent's behavior during the translation or classification steps.
  - Ingestion points: Article content fetched from `{article_url}`.
  - Boundary markers: None identified; external content is processed directly.
  - Capability inventory: File system writes (`content/docs/`), network access (curl), and interaction with other skills.
  - Sanitization: The skill suggests generating a slug by removing special characters, but the full article body is passed to a translator skill without sanitization.
- [Command Execution] (MEDIUM): In Step 4, the skill executes a shell command: `curl -o "public/images/docs/{slug}/{image-filename}" "{image-url}"`. The variables `{image-filename}` and `{image-url}` originate from external content. If not strictly validated by the executing agent, this could lead to command injection or path traversal (e.g., if an image filename contains `../` or shell metacharacters).
- [External Downloads] (LOW): The skill is designed to download resources from arbitrary, non-whitelisted domains provided by the user, which is a standard part of its functionality but carries inherent risk.
Audit Metadata