read
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches content from external URLs and PDF files via conversion services including r.jina.ai and defuddle.md. These are well-known services for converting web content to LLM-friendly formats.
- [COMMAND_EXECUTION]: Utilizes several command-line utilities including curl, npx, pdftotext, and python3 to handle content retrieval and PDF extraction. Use of npx agent-fetch and marker_single are within the context of local processing.
- [PROMPT_INJECTION]: As a tool designed to ingest arbitrary web and PDF content, it possesses an indirect prompt injection surface.
- Ingestion points: Data is pulled from external URLs and local PDF files in SKILL.md.
- Boundary markers: Output is organized into Title, Author, and Content sections, though it lacks specialized security delimiters for the untrusted content.
- Capability inventory: The skill has access to Bash, Read, and Write tools and is configured to save files to the user's ~/Downloads folder.
- Sanitization: The skill truncates long content and extracts text, which reduces the complexity of the input, but it does not perform specific instruction filtering.
Audit Metadata