mlb-league-state-reader

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from multiple Yahoo Fantasy Baseball pages and user-pasted text buffers. This information is then used to generate signal files and update team profiles that are consumed by other agents, creating a multi-step attack chain.
      ◦ Ingestion points: Scraped content from five Yahoo Fantasy URLs (roster, standings, matchup, transactions, and free agents) and the "Paste Parsing" fallback mechanism described in methodology.md.
      ◦ Boundary markers: Absent. While the skill uses YAML formatting for some output, the templates in template.md do not include explicit delimiters or "ignore embedded instructions" warnings for the content derived from external sources.
      ◦ Capability inventory: The skill possesses file system write capabilities within the user's project directory (~/Documents/Projects/yahoo-mlb/) and utilizes browser automation via Claude-in-Chrome tools.
      ◦ Sanitization: Absent. There is no evidence of sanitization, escaping, or filtering of the extracted page text (get_page_text) before it is processed and written to local files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 01:25 PM