structured-data
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches and processes external HTML content to extract metadata, creating a surface for indirect prompt injection. A malicious web page could include hidden instructions designed to manipulate the agent's output or logic. The skill includes specific instructions to mitigate this risk, though the surface remains present by design.
- Ingestion points: Step 1 in
SKILL.mdfetches full HTML and authored content from user-provided URLs. - Boundary markers: Includes an 'External Content Safety' section with instructions to treat content as untrusted and ignore embedded scripts.
- Capability inventory: The agent extracts text to generate JSON-LD snippets; no subprocess calls or sensitive file system access are present in the skill's logic.
- Sanitization: The skill explicitly directs the agent to avoid interpreting dynamic content or executing scripts from the fetched pages.
- [SAFE]: No other malicious patterns, such as obfuscation, credential theft, or unauthorized persistence, were detected. The provided JavaScript and HTML implementation examples are standard for the intended EDS workflow.
Audit Metadata