recipe-cleanup
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use
curlto check for the existence of YouTube thumbnails (hq720.jpgvshqdefault.jpg). This involves executing a shell command where parts of the command (the URL) are dynamically constructed based on external data. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes text from untrusted external sources and uses it to perform actions like file writing.
- Ingestion points: Recipe content fetched from user-provided URLs, YouTube video descriptions, and external blog posts linked within those descriptions.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the fetched data and the skill's own operational instructions.
- Capability inventory: The skill can read local files, write new Markdown files to the vault, create creator 'stub' pages, perform network fetches via WebFetch/Playwright, and execute shell commands via
curl. - Sanitization: There is no mention of sanitising or validating the external content (ingredients, instructions, or metadata) before it is processed or written to the file system.
- [EXTERNAL_DOWNLOADS]: The skill frequently fetches data from external web services, including YouTube and various recipe websites, to extract information for the formatting process.
Audit Metadata