Skills
skills/transilienceai/communitytools/html-content-analysis/Gen Agent Trust Hub

html-content-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation describes shell-based operations like curl -s {url} | grep .... If the {url} input is not properly sanitized, it creates a risk of command injection where shell control characters could be used to execute arbitrary commands.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from external URLs using WebFetch and curl. This functionality introduces a surface for Server-Side Request Forgery (SSRF) if the agent's network environment is not restricted.
  • [PROMPT_INJECTION]: The skill parses untrusted content (meta tags, comments, and structured data) from external websites, creating a vector for indirect prompt injection where a malicious site could influence the agent's behavior.
  • [COMMAND_EXECUTION]: The skill configuration executes local hooks (pre_network_skill_hook.sh and post_evidence_capture_hook.sh) via relative paths, which involves running scripts located outside the skill's own directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 11:36 PM