bulk-metadata
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves site indexes (query-index.json), sitemaps (sitemap.xml), and bulk metadata configurations (metadata.json) from AEM Edge Delivery Services domains (aem.live). These operations are restricted to URLs derived from user-provided repository information and are used solely for the intended audit functionality.\n- [PROMPT_INJECTION]: The skill processes page titles, descriptions, and Open Graph tags from external JSON and HTML sources, which represents an indirect prompt injection attack surface.\n
- Ingestion points: Metadata strings are ingested from query-index.json, sitemap.xml, and metadata.json (SKILL.md).\n
- Boundary markers: The 'External Content Safety' section in SKILL.md provides explicit instructions to treat all fetched content as untrusted input and to ignore any instructions embedded within that content.\n
- Capability inventory: The skill is designed for reporting and data transformation; it lacks access to sensitive capabilities such as shell command execution, local file system modification, or external data exfiltration.\n
- Sanitization: The agent is strictly instructed not to execute scripts or interpret dynamic content from the fetched sources.\n- [SAFE]: The skill implements strong security best practices, including explicit agent safety guidelines and adherence to least-privilege principles. The external resources used are official vendor domains associated with the skill's stated purpose.
Audit Metadata