url-dump
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection risk via external content ingestion. The skill processes untrusted data from user-provided URLs to generate summaries and categorization, creating a surface for embedded instructions to influence the agent.\n
- Ingestion points: Web content retrieved through the
web-fetchintegration (SKILL.md).\n - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore commands within the fetched data.\n
- Capability inventory: Filesystem write access to various vault directories including
00-inbox/,04-projects/, and05-knowledge/(SKILL.md).\n - Sanitization: Absent. Content is analyzed directly for executive summaries and insights without validation or escaping.\n- [EXTERNAL_DOWNLOADS]: The skill performs automated retrieval of external data using the
web-fetchintegration. While necessary for its core purpose of URL archiving, this involves downloading untrusted content into the agent's environment.
Audit Metadata