web-read

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from untrusted external URLs, creating a surface for indirect prompt injection. Malicious web pages could contain hidden or explicit instructions designed to subvert the agent's logic when the content is eventually read by the language model.
      • Ingestion points: scripts/read.py takes a URL from the input_data dictionary and retrieves content via the WebIntelligenceRouter.
      • Boundary markers: No specific delimiters (such as XML tags or boundary strings) are added to the output to isolate external content from system instructions.
      • Capability inventory: The skill utilizes kernel.web for network operations and data extraction, returning the result as a structured JSON object.
      • Sanitization: No sanitization, HTML stripping, or safety filtering is performed on the content within the skill's logic before it is returned.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 06:34 AM