defuddle
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `defuddle` command-line tool to parse web pages as part of its primary functionality documented in SKILL.md.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the `defuddle` NPM package, which is a utility provided by the author kepano.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection.
  - Ingestion points: Processes web content from external URLs using the `defuddle parse <url>` command in SKILL.md.
  - Boundary markers: Absent; instructions do not specify the use of delimiters or warnings to ignore instructions within fetched content.
  - Capability inventory: The skill uses shell command execution to process data.
  - Sanitization: Absent; content is extracted and converted to markdown without explicit sanitization or instruction filtering.
Audit Metadata