article-evaluation-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves article content from external URLs or local files and directs the agent to perform detailed analysis. Malicious instructions embedded within the article (e.g., in markdown comments or prose) could attempt to override agent behavior.
  • Ingestion points: Phase 1 fetches article content via WebFetch or the Read tool.
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' warnings for the fetched content.
  • Capability inventory: High. The skill is permitted to use Bash, Write, Edit, Task, and WebFetch.
  • Sanitization: Absent. No validation or filtering of the fetched content is performed before processing.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local Python script located at $HOME/claude-code-toolkit/scripts/voice_validator.py. While functional, this creates a dependency on an external script whose integrity is not verified by the skill itself.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch or curl to retrieve content from user-supplied URLs. This capability can be exploited for Server-Side Request Forgery (SSRF) if the agent is directed to access internal network resources or cloud metadata services.
  • [DATA_EXFILTRATION]: The skill reads local files based on user input. Without strict path validation, this could be used to expose sensitive local files (e.g., configuration or credentials) to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 04:36 PM
Security Audit — agent-trust-hub — article-evaluation-pipeline