Skills
skills/shadowcz007/skills/fill-content/Gen Agent Trust Hub

fill-content

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection.
  • Ingestion points: scripts/02-fetch-content.js fetches content from external URLs retrieved from the mixdao API.
  • Boundary markers: None identified in scripts/03-update-from-temp.js when passing the fetched content to the LLM.
  • Capability inventory: scripts/03-update-from-temp.js generates a summary and performs an authenticated PATCH request to update records on mixdao.world.
  • Sanitization: scripts/02-fetch-content.js uses regex for basic HTML tag removal, which is insufficient to strip malicious instructions from the text body.
  • [EXTERNAL_DOWNLOADS]: scripts/02-fetch-content.js downloads data from external, untrusted URLs using curl and Playwright to obtain article content.
  • [COMMAND_EXECUTION]: scripts/02-fetch-content.js executes the curl binary using child_process.spawn to fetch web content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 10:08 PM