defuddle
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install an external dependency from the npm registry using `npm install -g defuddle` (SKILL.md).
- [COMMAND_EXECUTION]: The skill utilizes the `defuddle` CLI to execute parsing operations on user-provided URLs and perform file writes using the `-o` flag (SKILL.md).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites.
  - Ingestion points: Untrusted content is ingested from arbitrary web pages via the URL parameter in `defuddle parse <url>` (SKILL.md).
  - Boundary markers: The instructions do not specify any delimiters or safety markers to help the agent distinguish between the tool's output and potentially malicious instructions embedded within the web content.
  - Capability inventory: The agent has the capability to execute shell commands and write files, which could be exploited if malicious content is successfully injected into the context.
  - Sanitization: No sanitization or filtering of the extracted web content is performed before it is returned to the agent's context.
Audit Metadata