ContentAnalysis
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from YouTube transcripts, web articles, and local files. There are no explicit boundary markers or sanitization steps defined to prevent the agent from executing instructions embedded within the source material.
- Ingestion points:
fabric -y "URL"(YouTube transcripts), WebFetch (Article content), and direct file reads. - Boundary markers: Absent; the skill does not use delimiters to wrap untrusted content or instruct the agent to ignore instructions within the data.
- Capability inventory: Execution of the
fabricCLI tool and file system access. - Sanitization: None; the content is passed directly to the analysis phase.
- [COMMAND_EXECUTION]: The
Extract.mdworkflow executes thefabriccommand-line tool with user-supplied YouTube URLs to extract transcripts. While functional, this represents a direct interaction with the host shell. - [PROMPT_INJECTION]: The customization logic in
ExtractWisdom/SKILL.mdinstructs the agent to load and apply instructions from~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/ExtractWisdom/. If an attacker or malicious process can write to this directory, they can effectively override the skill's behavior and inject persistent malicious instructions.
Audit Metadata