summarize

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It fetches content from untrusted external URLs or local files and includes it in a prompt for summarization.
      • Ingestion points: The script to-markdown.mjs accepts arbitrary URLs and local file paths via command-line arguments.
      • Boundary markers: The summarization prompt uses simple text delimiters (--- BEGIN DOCUMENT (Markdown) ---) which can be easily bypassed or spoofed by malicious instructions embedded in the source document.
      • Capability inventory: The skill has the ability to read files, perform network requests (via markitdown), write to the temporary file system, and execute the pi CLI tool.
      • Sanitization: Converted Markdown content and user-supplied prompts are not sanitized or escaped before being interpolated into the summarization prompt.
  • [EXTERNAL_DOWNLOADS]: The skill uses uvx to dynamically install and run the markitdown package.
      • Evidence: The function runMarkitdown in to-markdown.mjs executes uvx markitdown, which fetches the package from a public registry (PyPI) at runtime if not already available.
  • [COMMAND_EXECUTION]: The skill executes external CLI tools to perform its core functionality.
      • Evidence: Found in to-markdown.mjs using spawnSync to invoke uvx and pi. While the implementation uses argument arrays, it grants the agent the capability to run these specific binaries with input derived from external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 10:59 AM