defuddle
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes content from external, untrusted web pages.
  - Ingestion points: The skill parses content from arbitrary user-provided URLs using `defuddle parse <url>` in SKILL.md.
  - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from obeying instructions embedded in the fetched web content.
  - Capability inventory: The skill utilizes subprocess execution to run the `defuddle` CLI tool and read its output.
  - Sanitization: Absent. Content is passed directly from the external source to the agent's context without filtering.
- [EXTERNAL_DOWNLOADS]: The skill documentation encourages the installation of an external package from a public registry.
  - Evidence: `npm install -g defuddle` in SKILL.md.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing a CLI tool with user-provided arguments.
  - Evidence: Commands like `defuddle parse <url> --md` involve executing a shell command where the URL is a variable parameter.