web-reader
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function involves fetching and processing data from external web pages, which introduces a surface for indirect prompt injection where instructions embedded in web content could influence the agent.
- Ingestion points: Content is ingested through the page_reader function as demonstrated in SKILL.md and scripts/web-reader.ts.
- Boundary markers: The provided implementation examples do not include explicit delimiters or 'ignore instructions' directives to isolate the retrieved web content from the agent's control logic.
- Capability inventory: The skill is designed to retrieve, parse, and return HTML content, text, and metadata from any user-provided URL.
- Sanitization: Implementation patterns show basic HTML sanitization (such as removing script and style tags) but do not address the filtering of semantic instructions.
Audit Metadata