article-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (LOW): The skill installs @mozilla/readability-cli (trusted source) and trafilatura (external repository) packages to perform its core function. These dependencies represent external code execution risks.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted content from arbitrary URLs, creating an attack surface where malicious web pages could attempt to influence agent behavior through hidden instructions.
  - Ingestion points: External web content via the ARTICLE_URL variable.
  - Boundary markers: Absent; the skill saves and previews extracted text without using delimiters or system-level isolation.
  - Capability inventory: The skill uses Bash (for system commands) and Write (for file system access).
  - Sanitization: Web content is parsed for text but not sanitized for embedded instructions that could target the LLM.
- [Dynamic Execution] (LOW): Uses python3 -c for parsing and interpolates variables directly into shell commands. While localized and necessary for the primary purpose, this pattern carries a minor risk of command injection if the input URLs or titles are specifically crafted to exploit shell syntax.
Audit Metadata