byted-link-reader
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-provided URLs to a Volcano Engine API endpoint (ark.cn-beijing.volces.com) to extract content. This behavior is the intended functionality of the tool and is performed via the vendor's official SDK.
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to prompt the user for API keys and save them to an environment file within the workspace. While this facilitates setup, it relies on the user ensuring these files are not exposed or committed to public repositories.
- [PROMPT_INJECTION]: The skill processes content from external, untrusted URLs, which presents a surface for indirect prompt injection. 1. Ingestion points: Web, PDF, and video content retrieved via the link_reader.py script. 2. Boundary markers: No specific delimiters are used to isolate the external content from the agent's instructions. 3. Capability inventory: The skill is restricted to content extraction via a specific API and does not provide arbitrary command execution. 4. Sanitization: No sanitization is applied to the retrieved content before it is processed by the agent.
Audit Metadata