defuddle

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a third-party package defuddle globally using npm install -g defuddle. This introduces a dependency from the public npm registry.
  • [COMMAND_EXECUTION]: The skill executes the defuddle CLI tool on the local system, passing user-provided URLs as arguments.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external websites.
      • Ingestion points: Untrusted web content enters the agent's context through the defuddle parse <url> command.
      • Boundary markers: No specific delimiters or "ignore instructions" warnings are provided to separate fetched web content from the agent's system prompt.
      • Capability inventory: The skill itself uses CLI execution, and while it doesn't directly pipe tool output to dangerous functions within the skill, the agent reading the output possesses general capabilities.
      • Sanitization: No sanitization, validation, or filtering of the extracted markdown content is performed before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 09:41 AM