knowledge-absorber

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow executes a Python script (scripts/content_ingester.py) to process user-provided URLs or file paths, and utilizes shell commands like mkdir for output directory management.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the requests library and the DrissionPage browser automation tool to fetch content from arbitrary external URLs provided by the user.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core ingestion workflow.
      • Ingestion points: Untrusted data enters the agent context through scripts/content_ingester.py and is temporarily stored in config/raw_content.txt.
      • Boundary markers: SKILL.md includes explicit instructions stating that URL content, webpage bodies, and documents are 'untrusted input' that must not 'override system rules' or be 'treated as commands'.
      • Capability inventory: The skill possesses capabilities for subprocess execution (via the ingestion script), directory creation (mkdir), and file writing (Write tool).
      • Sanitization: The ingestion script uses html2text to strip HTML noise and BeautifulSoup for basic metadata extraction, though it does not perform semantic validation of the content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 02:49 PM