skills/danielmiessler/lifeos/Parser/Gen Agent Trust Hub

Parser

Fail

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: CRITICALCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several system binaries and CLI tools to perform its tasks:
  • yt (Fabric) for fetching YouTube transcripts.
  • llm CLI for communicating with Gemini models.
  • bun for running TypeScript utility scripts.
  • pdftotext and PyPDF2 (Python) for processing PDF documents.
  • unzip, diff, grep, and js-beautify for browser extension security analysis.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external domains to fetch content for parsing and use platform APIs:
  • Fetches web content, transcripts, and documents from user-provided URLs.
  • Interacts with Google's Gemini API at generativelanguage.googleapis.com (well-known service).
  • Downloads browser extension files from clients2.google.com (well-known service).
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted data from the web:
  • Ingestion points: External content is fetched in various extraction workflows (e.g., ExtractArticle.md, ExtractYoutube.md).
  • Boundary markers: The skill uses markdown code blocks, triple quotes ("""), and clear "ARTICLE X" delimiters in prompts to separate untrusted content from system instructions.
  • Capability inventory: The agent has access to shell commands and network requests, which could be targeted by embedded instructions in the fetched content.
  • Sanitization: Uses html2text to strip HTML tags, which provides a layer of sanitization but does not prevent text-based injection attacks.
  • [DATA_EXFILTRATION]: Performs automated network requests to a local notification service:
  • Executes curl POST requests to http://localhost:8888/notify to provide status updates to the user's local infrastructure.
  • [SAFE]: Automated scanner detections for malicious URLs and infected files are determined to be false positives based on context:
  • The URL https://channelwebsite.com is used exclusively as a placeholder within a documentation example in Workflows/ExtractYoutube.md.
  • The infected file alert for Workflows/ExtractYoutube.md likely triggered on the presence of shell commands (curl) and placeholder URLs within the markdown documentation.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — Parser