Parser
Fail
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several system binaries and CLI tools to perform its tasks:
yt(Fabric) for fetching YouTube transcripts.llmCLI for communicating with Gemini models.bunfor running TypeScript utility scripts.pdftotextandPyPDF2(Python) for processing PDF documents.unzip,diff,grep, andjs-beautifyfor browser extension security analysis.- [EXTERNAL_DOWNLOADS]: The skill interacts with external domains to fetch content for parsing and use platform APIs:
- Fetches web content, transcripts, and documents from user-provided URLs.
- Interacts with Google's Gemini API at
generativelanguage.googleapis.com(well-known service). - Downloads browser extension files from
clients2.google.com(well-known service). - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted data from the web:
- Ingestion points: External content is fetched in various extraction workflows (e.g.,
ExtractArticle.md,ExtractYoutube.md). - Boundary markers: The skill uses markdown code blocks, triple quotes (
"""), and clear "ARTICLE X" delimiters in prompts to separate untrusted content from system instructions. - Capability inventory: The agent has access to shell commands and network requests, which could be targeted by embedded instructions in the fetched content.
- Sanitization: Uses
html2textto strip HTML tags, which provides a layer of sanitization but does not prevent text-based injection attacks. - [DATA_EXFILTRATION]: Performs automated network requests to a local notification service:
- Executes
curlPOST requests tohttp://localhost:8888/notifyto provide status updates to the user's local infrastructure. - [SAFE]: Automated scanner detections for malicious URLs and infected files are determined to be false positives based on context:
- The URL
https://channelwebsite.comis used exclusively as a placeholder within a documentation example inWorkflows/ExtractYoutube.md. - The infected file alert for
Workflows/ExtractYoutube.mdlikely triggered on the presence of shell commands (curl) and placeholder URLs within the markdown documentation.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata