content-parser
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from arbitrary external URLs provided by users and processes this content through the agent.
  - Ingestion points: Data enters the agent context via the extraction API response in `SKILL.md` (Step 6).
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying instructions embedded within the extracted web content.
  - Capability inventory: The skill has the ability to execute shell commands (`curl`) and write files to the local filesystem (`echo >`).
  - Sanitization: No sanitization or filtering of the extracted content is performed before it is presented to the agent or saved to disk.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several bash commands for configuration and operation.
  - Evidence: Uses `mkdir` and `echo` to create local configuration files in `.listenhub/content-parser/` and `curl` combined with `jq` in a loop to poll the status of extraction tasks.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to external endpoints.
  - Evidence: It makes POST and GET requests to `https://api.marswave.ai/openapi/v1/content/extract/` using `curl`. As this domain belongs to the skill's author ('marswaveai'), it is considered a vendor-owned resource.