read-source
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external documents and URLs, creating an indirect prompt injection surface where malicious instructions within a document could attempt to influence the agent's behavior.
- Ingestion points: Content is ingested from local files or remote URLs via the
witan readcommand as defined inSKILL.md. - Boundary markers: The tool outputs line-numbered text which provides basic structure, but it does not implement explicit delimiters or instruction-ignore warnings to sequester untrusted content.
- Capability inventory: The skill can read local file systems, access network URLs, and is part of a workflow that includes writing to spreadsheets via
witan xlsx exec. - Sanitization: No evidence of content sanitization or instruction filtering is described in the tool's operation.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and process document content from remote URLs provided to the
witan readcommand. - [COMMAND_EXECUTION]: The skill relies on executing the
witancommand-line utility, passing user-provided file paths or URLs as arguments to the subprocess for document conversion.
Audit Metadata