ai-tech-fulltext-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script fetches article content from arbitrary URLs retrieved from the SQLite database. It implements security best practices including configurable timeouts, a 2MB response size limit (--max-bytes), and filtering of binary content types (e.g., PDF, ZIP, images) to prevent resource exhaustion.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted text from the web for later use by an LLM.
  - Ingestion points: Article content is fetched from remote URLs in scripts/fulltext_fetch.py and stored in the entry_content table.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the stored content_text field.
  - Capability inventory: The skill can perform network fetches and write to the local file system (SQLite database). It does not have permissions for arbitrary command execution.
  - Sanitization: The script cleans the extracted text by removing common HTML boilerplate tags (script, style, etc.) and normalizing whitespace, though it does not explicitly sanitize for adversarial instructions.
Audit Metadata