skills/nshipster/sosumi.ai/sosumi/Gen Agent Trust Hub

sosumi

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed to improve agent performance by converting JavaScript-rendered documentation into Markdown. All identified external resources (sosumi.ai and @nshipster/sosumi) are associated with the project's author.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the @nshipster/sosumi package from the npm registry using standard tools like npx, bunx, and deno. This is an expected deployment method for the tool.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting external web content via the fetchExternalDocumentation tool.
  • Ingestion points: SKILL.md (via fetchExternalDocumentation, fetchAppleDocumentation, and fetchAppleVideoTranscript tools)
  • Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore embedded commands in the fetched Markdown.
  • Capability inventory: The skill itself does not define local file system or execution capabilities, limiting the potential impact of an injection.
  • Sanitization: No sanitization or content validation is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 11:36 AM
Security Audit — agent-trust-hub — sosumi