
extract

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill extracts content from arbitrary external URLs. This content is inherently untrusted and could contain malicious instructions designed to manipulate the AI agent that subsequently processes the extracted markdown or text.
      • Ingestion points: Web content retrieved from URLs provided in the urls array.
      • Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded commands in the extracted content.
      • Capability inventory: The skill utilizes shell script execution (./scripts/extract.sh) and network requests (curl).
      • Sanitization: Absent; the skill returns raw or clean markdown/text without specific filtering for prompt injection patterns.
  • [Data Exposure & Exfiltration] (LOW): The skill transmits user-specified URLs and a required API key to api.tavily.com. While this is the intended function, it involves sending data to a third-party service not included in the primary trusted whitelist.
  • [Command Execution] (LOW): The skill documentation references and provides examples for executing a local shell script (./scripts/extract.sh) and curl commands. These require the agent to have local command execution privileges.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:37 PM