kepano-defuddle

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the defuddle CLI to parse web pages into markdown format. Evidence: defuddle parse <url> --md in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the defuddle package from the npm registry. Evidence: npm install -g defuddle in SKILL.md.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external URLs, creating a surface for indirect prompt injection.
      • Ingestion points: URL input to the defuddle command (SKILL.md).
      • Boundary markers: None present in the skill instructions to delimit fetched content.
      • Capability inventory: Command execution via the defuddle CLI tool.
      • Sanitization: No explicit sanitization or filtering of the extracted content is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 08:18 AM