web-doc-resolver

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves content from arbitrary external URLs and search results, which the agent then processes as context.
      • Ingestion points: External data is ingested in scripts/resolve.py via outputs from the webfetch and websearch tools.
      • Boundary markers: The skill does not implement boundary markers or instructions for the agent to ignore directives embedded within the fetched content.
      • Capability inventory: The skill uses subprocess.run to call platform tools and is explicitly granted access to the Bash tool in its configuration.
      • Sanitization: There is no validation, escaping, or sanitization of the fetched markdown or text content beyond a character length truncation.
  • [COMMAND_EXECUTION]: The Python script scripts/resolve.py executes platform tools via subprocess.run.
      • The implementation uses a list-based argument format and does not enable shell execution (shell=False), which mitigates the risk of shell injection from untrusted URL or query inputs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:11 AM