defuddle
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'defuddle' npm package, which is a vendor resource provided by the author (L-yifan).
- [COMMAND_EXECUTION]: The skill operates by executing the 'defuddle' CLI tool to process URLs provided by the user.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it fetches and cleans content from arbitrary external websites.
- Ingestion points: Content is ingested from user-provided URLs via the 'defuddle parse' command.
- Boundary markers: The skill does not provide explicit markers or instructions to delineate fetched content from agent instructions.
- Capability inventory: The skill has the ability to execute shell commands and read the output.
- Sanitization: No sanitization or validation of the fetched web content is performed before it is passed to the agent.
Audit Metadata