internal-linking
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches
query-index.jsonand.plain.htmlpage content from a user-provided domain to build a link graph. This behavior is necessary for the skill's purpose and is performed within the context of the user-scoped audit. - [DATA_EXFILTRATION]: Analysis of the fetch operations and link processing logic shows no patterns of unauthorized data exfiltration or access to sensitive local environment variables, credentials, or system files.
- [PROMPT_INJECTION]: The skill includes a dedicated 'External Content Safety' section that explicitly instructs the agent to treat all fetched content as untrusted input. It forbids following redirects to unspecified domains, executing scripts, or interpreting dynamic content from the fetched HTML, which significantly mitigates the risk of indirect prompt injection.
Audit Metadata