site-content-catalog
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python script (scripts/catalog_content.py) designed to crawl websites, process data, and write results to the local file system.
- [EXTERNAL_DOWNLOADS]: The script dynamically fetches content, including sitemaps, RSS feeds, and HTML pages, from arbitrary external domains provided as user input during execution.
- [DATA_EXFILTRATION]: The skill transmits the APIFY_API_TOKEN to Apify's API (api.apify.com) to utilize its sitemap extraction service. This is an intended integration but involves sending credentials to a third-party service.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it ingests untrusted content from external websites and processes it into summaries that may influence agent behavior.
  - Ingestion points: scripts/catalog_content.py uses requests.get to fetch XML and HTML content from remote domains.
  - Boundary markers: Absent; there are no delimiters or instructions used to distinguish between crawled content and agent instructions.
  - Capability inventory: The skill possesses network access via the requests library and file system write capabilities via standard Python file I/O.
  - Sanitization: Inadequate; the script uses the xml.etree.ElementTree library to parse remote XML content (sitemaps and RSS), which is documented as vulnerable to XML External Entity (XXE) attacks and XML bombs (DoS).
Audit Metadata