article-extractor

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from arbitrary URLs and feeds it directly into the agent's context. Since the agent has the 'Bash' tool enabled, malicious text extracted from a website could command the agent to perform destructive actions.
      * Ingestion point: ARTICLE_URL passed to reader, trafilatura, or curl.
      * Boundary markers: None used when displaying the temp_article.txt content to the agent.
      * Capability inventory: Access to Bash (shell execution) and Write (file system modification).
      * Sanitization: Filename cleaning is present, but no sanitization of extracted text is performed before it reaches the agent.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes shell commands and inline Python scripts to handle extraction logic. It constructs shell commands using variables that may contain untrusted data, such as website titles or URLs, which can lead to command injection if variables are not handled securely by the underlying shell environment.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill suggests installing dependencies like trafilatura and readability-cli from public repositories (npm, pip) without version pinning or integrity verification, posing a supply chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:01 AM