Skills
skills/dandcg/claude-skills/web-clipper/Gen Agent Trust Hub

web-clipper

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/ingest.py executes a command using subprocess.run to integrate with the repo-search skill. This execution is performed safely by passing arguments as a list, which prevents shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill's primary function in scripts/clip.py involves fetching content from external URLs. It utilizes the requests library and trafilatura for clean text extraction. Additionally, it can interface with a local FlareSolverr instance to handle Cloudflare-protected pages.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection.
  • Ingestion points: Content is fetched from arbitrary, untrusted external URLs via scripts/clip.py and stored in ~/web-clips/.
  • Boundary markers: Extracted content is stored in markdown files with clear YAML frontmatter boundaries, providing some separation between metadata and external content.
  • Capability inventory: The skill has the ability to delete files (scripts/delete.py) and trigger external code execution via another skill's ingestion script (scripts/ingest.py).
  • Sanitization: Content is processed by trafilatura to extract article text and discard HTML boilerplate, which provides a layer of normalization, though semantic instructions within the resulting text are not filtered.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 06:16 AM
Security Audit — agent-trust-hub — web-clipper