web-content-extractor

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it fetches content from arbitrary external URLs and instructs the agent to use that content to answer questions or process data.
      • Ingestion points: External content fetched via curl in SKILL.md.
      • Boundary markers: Absent; there are no instructions to the agent to ignore or delimit instructions found within the fetched content.
      • Capability inventory: Uses shell_execute with curl for network requests.
      • Sanitization: Absent; the skill does not specify any validation or filtering of the fetched Markdown content.
  • [COMMAND_EXECUTION]: The skill utilizes shell_execute to run curl commands with user-provided URLs. While it provides instructions to wrap URLs in quotes to prevent shell meta-character exploitation, this remains a significant execution surface.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to download data from external services (defuddle.md and r.jina.ai). These are well-known tools for web content extraction, and their use is central to the skill's stated purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 11:48 AM