ai-readability-audit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill uses the WebFetch tool to retrieve the complete HTML content of user-provided URLs, which enters the agent context for analysis.
- Boundary markers: The instructions lack explicit delimiters or 'ignore' commands to prevent the agent from accidentally executing instructions found within the fetched HTML.
- Capability inventory: The agent has access to WebFetch (network read) and Write (file system write to ~/.claude/cache/).
- Sanitization: There is no evidence of sanitization or filtering of the fetched HTML content before it is processed by the LLM.
- [DATA_EXFILTRATION]: Network operations to non-whitelisted domains.
- The skill utilizes WebFetch to connect to external, user-specified websites. This network activity is fundamental to the skill's purpose but involves interacting with arbitrary domains. No access to sensitive local files (e.g., SSH keys, credentials) was detected in the skill logic.
Audit Metadata