knowledge-base
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches content from external URLs to generate summaries and archive articles. This processes untrusted data which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Content fetched from external URLs (Workflow Step 3).
- Boundary markers: Absent. There are no instructions to the agent to ignore or delimit instructions found within the fetched resources.
- Capability inventory: File system write access to
~/knowledge/, file system read access, and execution of local shell scripts. - Sanitization: Absent. The skill does not describe any validation or escaping of the fetched content before processing.
- [Unverifiable Dependencies] (LOW): The skill relies on an external command
get_tabs.sh. This script is not provided within the skill's source and its behavior cannot be audited, representing a dependency on an external, unverified component. - [Data Exposure] (LOW): The skill is configured to read from and write to the user's home directory (
~/knowledge/). While this is central to its stated purpose, it establishes a local file system footprint that is manipulated based on inputs from external web sources.
Audit Metadata