link-understanding

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the internet.
      • Ingestion points: The understandLink function fetches content from any URL provided at runtime (e.g., in SKILL.md).
      • Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions to prevent the agent from obeying commands found within the fetched web content.
      • Capability inventory: The skill utilizes the node binary and the web-fetch skill to perform network and local execution tasks.
      • Sanitization: There is no evidence of content sanitization or filtering applied to the fetched HTML or text before it is passed to the NLP components.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve content from external, non-whitelisted domains as part of its core functionality using the web-fetch dependency.
  • [COMMAND_EXECUTION]: The skill executes local code using the node runtime to run its analysis script (analyzer.js), as seen in the usage and CLI examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:11 AM