extract
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill sends user-specified URLs to a third-party API at api.inspiro.top. This transmits data about the user's browsing or research targets to an external service that is not on the trusted vendors list.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of arbitrary web content, which introduces an indirect prompt injection attack surface. * Ingestion points: External web content is retrieved via the api.inspiro.top service and returned to the agent through the raw_content field. * Boundary markers: The skill lacks delimiters or specific instructions to the agent to treat the extracted content as untrusted data, which could lead the agent to follow malicious instructions embedded in a web page. * Capability inventory: The extract.sh script utilizes curl for network communication and jq for processing JSON data. * Sanitization: No sanitization, filtering, or validation is performed on the content retrieved from external URLs before it is passed to the agent.
Audit Metadata