doc-skill-generator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes text from arbitrary external URLs.
  - Ingestion points: As documented in `SKILL.md`, the agent uses `scripts/crawl_website.py` to fetch external content and then reads this content to generate summaries and fill templates.
  - Boundary markers: Scraped content is stored in Markdown files with source URLs in comments, but the prompt instructions in `SKILL.md` lack explicit delimiters or safety warnings directing the agent to ignore instructions embedded in the retrieved text.
  - Capability inventory: The skill enables file system writes, execution of local scripts, and network access via the crawling library.
  - Sanitization: The `clean_markdown` function in `scripts/crawl_website.py` removes structural HTML elements (like navigation and footers) but does not filter the text content for potential adversarial instructions.
- [EXTERNAL_DOWNLOADS]: The skill performs external downloads from well-known sources as part of its core functionality.
  - It utilizes the command `playwright install chromium` to download necessary browser binaries from Microsoft's official sources for web scraping.
  - It relies on established libraries such as `crawl4ai` and `playwright` for automated data extraction.
- [COMMAND_EXECUTION]: The automation workflow involves executing local Python scripts to process data.
  - The skill calls `scripts/crawl_website.py`, `scripts/summarize_pages.py`, and `scripts/validate_skill.py` via the command line to handle the crawling, analysis, and validation phases.
Audit Metadata