article-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user to install the UV tool using 'curl -LsSf https://astral.sh/uv/install.sh | sh'. Piping remote scripts directly to a shell is a dangerous pattern that can lead to arbitrary code execution if the source or connection is compromised.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs third-party dependencies from external registries including NPM (@aspect/readability-cli, reader-cli) and PyPI (trafilatura). These sources are not on the provided list of trusted GitHub organizations or repositories.
- [COMMAND_EXECUTION] (MEDIUM): Extensive use of Bash scripts with variable interpolation for URLs and extracted titles. Although a validation utility is used, any logic failure in the validation script or tool bypass could lead to shell command injection or SSRF.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted content from external URLs, creating a surface for indirect prompt injection. 1. Ingestion points: Article content fetched via reader and trafilatura. 2. Boundary markers: No explicit markers or 'ignore' instructions are used when handling the extracted text. 3. Capability inventory: Bash subprocess execution and file system write permissions. 4. Sanitization: Employs 'tapestry-validate-url' for SSRF protection and 'tapestry-sanitize-filename' for safe output naming.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata