Skills
skills/kikobeats/skills/html-get/Gen Agent Trust Hub

html-get

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its primary function is to ingest HTML data from arbitrary external URLs.
  • Ingestion points: Untrusted data enters the agent's context through the getHTML function and the npx html-get command as described in SKILL.md.
  • Boundary markers: The skill does not implement or recommend the use of boundary markers or instructions to treat the fetched HTML as data rather than instructions.
  • Capability inventory: The skill utilizes network operations to fetch data and supports command-line execution via npx.
  • Sanitization: No sanitization or security-focused filtering of the retrieved HTML content is present to prevent embedded malicious prompts from influencing the agent.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several Node.js packages including html-get, browserless, and puppeteer. These are standard dependencies for the headless browser and HTML retrieval functionality described.
  • [COMMAND_EXECUTION]: The skill demonstrates the use of npx to execute the html-get package directly. This allows the agent or user to run the tool as a CLI utility for debugging and metadata extraction tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:31 AM