unifuncs-reader
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface as it is designed to fetch and process untrusted external data (URLs, PDF, Word documents).
- Ingestion points: Data enters the agent context through the output of
scripts/read.pywhich fetches content from user-provided URLs. - Boundary markers: There are no explicit instructions or delimiters defined in the
SKILL.mdto prevent the LLM from obeying instructions embedded within the fetched document content. - Capability inventory: The skill utilizes
Bash(python*:*)to execute local scripts, which typically involves network access to reach the UniFuncs API. - Sanitization: No sanitization or filtering of the fetched content is described in the provided skill definition.
- COMMAND_EXECUTION (SAFE): The skill executes a local Python script
scripts/read.py. While the source code for the script was not provided for analysis, the execution pattern described is consistent with the skill's stated purpose. - CREDENTIALS_UNSAFE (SAFE): The skill instructions correctly advise users to use environment variables for API keys and only provide a non-functional placeholder (
sk-your-api-key) in the documentation.
Audit Metadata