ContentAnalysis

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from YouTube transcripts, web articles, and local files. There are no explicit boundary markers or sanitization steps defined to prevent the agent from executing instructions embedded within the source material.
  • Ingestion points: fabric -y "URL" (YouTube transcripts), WebFetch (Article content), and direct file reads.
  • Boundary markers: Absent; the skill does not use delimiters to wrap untrusted content or instruct the agent to ignore instructions within the data.
  • Capability inventory: Execution of the fabric CLI tool and file system access.
  • Sanitization: None; the content is passed directly to the analysis phase.
  • [COMMAND_EXECUTION]: The Extract.md workflow executes the fabric command-line tool with user-supplied YouTube URLs to extract transcripts. While functional, this represents a direct interaction with the host shell.
  • [PROMPT_INJECTION]: The customization logic in ExtractWisdom/SKILL.md instructs the agent to load and apply instructions from ~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/ExtractWisdom/. If an attacker or malicious process can write to this directory, they can effectively override the skill's behavior and inject persistent malicious instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — ContentAnalysis