content-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its content fetching capabilities.
  - Ingestion points: Data is ingested from external URLs via the `WebFetch` tool and from user-provided files.
  - Boundary markers: There are no explicit instructions or delimiters (such as XML blocks or 'ignore' directives) to prevent the agent from obeying instructions embedded within the fetched articles or social media posts.
  - Capability inventory: The skill possesses the `Bash`, `Write`, and `WebFetch` tools, providing a significant capability surface if an injection occurs.
  - Sanitization: No sanitization or validation logic is defined for the content retrieved from the web before it is processed by the analysis pipeline.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute several local Node.js scripts for analysis and memory management.
  - Evidence: Commands include `node .claude/tools/cli/post-analyzer.cjs` and `node .claude/lib/memory/memory-search.cjs`.
  - Context: While these scripts are part of the skill's defined infrastructure, they represent the execution of local logic that is not visible in the provided markdown file.