sosumi
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to improve agent performance by converting JavaScript-rendered documentation into Markdown. All identified external resources (sosumi.ai and @nshipster/sosumi) are associated with the project's author.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the
@nshipster/sosumipackage from the npm registry using standard tools like npx, bunx, and deno. This is an expected deployment method for the tool. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting external web content via the
fetchExternalDocumentationtool. - Ingestion points:
SKILL.md(viafetchExternalDocumentation,fetchAppleDocumentation, andfetchAppleVideoTranscripttools) - Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore embedded commands in the fetched Markdown.
- Capability inventory: The skill itself does not define local file system or execution capabilities, limiting the potential impact of an injection.
- Sanitization: No sanitization or content validation is mentioned.
Audit Metadata