content-quality-auditor
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script located at
${CLAUDE_PLUGIN_ROOT}/scripts/connectors/firecrawl.pyto scrape and render JavaScript-heavy web pages when a standard crawler is not connected. - [EXTERNAL_DOWNLOADS]: The skill fetches content from user-provided URLs using
WebFetchor the aforementioned script. It also includes a fallback mechanism to download missing reference files (likeauditor-runbook.md) from the author's official GitHub repository (github.com/aaron-he-zhu/aaron-marketing-skills) if they are not present locally. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external URLs. It mitigates risk by including explicit instructions to treat fetched content as data only and never as instructions, and by requiring user-provided or authorized URLs.
- [DATA_EXPOSURE]: The skill writes audit results, summaries, and critical flags to the agent's internal memory paths (e.g.,
memory/audits/content/,memory/hot-cache.md). This is a standard state-management practice for this class of tool.
Audit Metadata