web-reader
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to defuddle.md and r.jina.ai. These are recognized services for webpage content extraction and their use is consistent with the skill's primary function.
- [PROMPT_INJECTION]: The skill performs as a data ingestion point for arbitrary web content, which constitutes an indirect prompt injection surface. 1. Ingestion points: Content is fetched from external URLs via the fetchContent function in index.js. 2. Boundary markers: The resulting text is returned as a plain string without markers to distinguish it as external data. 3. Capability inventory: No scripts (index.js, cli.js, test.js) contain subprocess spawning, file system writing, or dynamic execution functions like eval or exec. 4. Sanitization: There is no process for filtering or sanitizing the content of the fetched pages for malicious instructions before delivery to the agent.
Audit Metadata