article-extractor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill has a significant attack surface for indirect prompt injection.
      1. Ingestion points: Article content fetched from user-provided URLs via curl or trafilatura.
      2. Boundary markers: None used; content is processed and displayed directly.
      3. Capability inventory: Shell command execution (mv, head, sed), file writing, and local python execution.
      4. Sanitization: No logic to sanitize or escape the retrieved article content to prevent embedded instructions from being executed by the agent.
  • Command Execution (HIGH): Extracted article titles are used in shell commands. The sanitization logic is insufficient, as it fails to remove shell-active characters like backticks, semicolons, or dollar signs. Evidence: TITLE and FILENAME variables used in 'mv' and 'echo' commands.
  • External Downloads (MEDIUM): Recommends installing 'trafilatura' (pip) and 'reader-cli' (npm). While 'mozilla' is a trusted organization, the other packages are from untrusted sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:17 AM