Skills
skills/hamsterider-m/personal-skills/content-bridge/Gen Agent Trust Hub

content-bridge

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The install.sh script downloads and executes code from unverified third-party GitHub repositories without version pinning.
  • Clones https://github.com/Bwkyd/wexin-read-mcp.git for WeChat article extraction.
  • Installs notebooklm-py directly from https://github.com/teng-lin/notebooklm-py.git using pip.
  • [COMMAND_EXECUTION]: The skill's operational logic heavily depends on executing local CLI tools via subprocess calls, which can be risky if inputs are not properly sanitized.
  • Calls markitdown for document to Markdown conversion.
  • Executes notebooklm CLI commands for cloud synchronization and generation.
  • Invokes bilibili-subtitle for processing video transcripts.
  • [PROMPT_INJECTION]: The skill exhibits a high surface area for indirect prompt injection because it is designed to ingest and process untrusted data from the open web.
  • Ingestion points: Untrusted data enters the agent context via WeChat MCP tools, YouTube transcript extractors, and general web readers.
  • Boundary markers: The instructions lack clear delimiters or system instructions to ignore embedded commands within the fetched content.
  • Capability inventory: The skill possesses powerful capabilities including file system access (writing to /tmp/), network operations (uploading to Google), and subprocess execution.
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external URLs before it is processed by the LLM.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 02:53 AM