byted-link-reader
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/link_reader.pyto perform web scraping and content parsing via an API call. - [EXTERNAL_DOWNLOADS]: The script relies on the
volcenginesdkarkruntimelibrary andhttpxto facilitate communication with the Volcano Engine Ark API endpoints. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted content from external URLs.
- Ingestion points: Content from webpages, PDFs, and video descriptions fetched through URLs passed as arguments to
scripts/link_reader.py. - Boundary markers: The script does not implement delimiters or explicit instructions to ignore embedded commands within the fetched external data.
- Capability inventory: The skill has the capability to execute Python scripts, modify local environment files in the workspace, and perform network requests to the Ark API.
- Sanitization: There is no explicit sanitization or filtering of fetched content performed locally before the data is returned to the agent context.
Audit Metadata