webpage-to-courseware
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external URLs which can contain malicious instructions intended to manipulate the agent.
  1. Ingestion points: SKILL.md (Step 1) fetches content from a user-provided [URL].
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Read, WebFetch, GenerateImage.
  4. Sanitization: Absent.
- Command Execution (MEDIUM): The skill instructions suggest interpolating user-provided URL parameters directly into shell command strings (curl and python3) without visible sanitization or escaping. This creates a high risk of command injection if the agent or the underlying shell does not properly escape the [URL] input. Evidence: SKILL.md Step 1 and Step 2 code blocks.
Audit Metadata