article-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Privilege Escalation (HIGH): The scripts/install-deps.sh file contains a command to execute sudo npm install -g readability-cli. Requiring administrative privileges for dependency installation is a high-risk practice in AI agent environments.
- Indirect Prompt Injection (HIGH): This skill has a high-risk attack surface for indirect prompt injection.
  - Ingestion points: The skill fetches and processes content from arbitrary user-provided URLs.
  - Boundary markers: There are no explicit instructions or delimiters mentioned to prevent the agent from obeying instructions embedded within the extracted article content.
  - Capability inventory: The skill executes shell scripts (extract-article.sh), performs network requests, and writes files to the local filesystem.
  - Sanitization: Since the source for extract-article.sh is missing, sanitization of extracted content cannot be verified. Malicious instructions in a webpage could potentially trigger unintended agent actions after extraction.
- Unverifiable Behavior (MEDIUM): The primary logic resides in scripts/extract-article.sh, but the content of this script is not provided in the skill package. This prevents a full audit of how URLs are handled, how subprocesses are spawned, and how file paths are sanitized.
- External Downloads (LOW): The skill installs trafilatura (Python) and readability-cli (Node.js). These are standard tools, but their installation is performed via unversioned commands (pip install, npm install), which could lead to non-deterministic behavior or supply-chain risks.
Recommendations
- AI detected serious security threats
Audit Metadata