create-tldr-page
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references example tldr pages from a public GitHub repository (
github.com/jhauga/tldr) and fetches content from user-provided documentation URLs to perform its primary function.\n- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection as it ingests and processes content from external documentation sources.\n - Ingestion points: External data enters the agent context via the
#tool:fetchcommand applied to URLs or files provided in the prompt parameters.\n - Boundary markers: The prompt does not specify delimiters or explicit instructions for the agent to ignore potentially malicious instructions embedded in the fetched documentation.\n
- Capability inventory: The skill is limited to generating markdown output and does not utilize any capabilities for system modification, command execution, or network exfiltration beyond the initial fetch.\n
- Sanitization: The skill does not implement specific sanitization or validation routines for the text extracted from documentation sources.\n- [SAFE]: The identified behavior is entirely consistent with the skill's purpose of documentation summarization. There is no evidence of obfuscation, credential harvesting, or attempts to gain unauthorized persistence or privileges.
Audit Metadata