extract-site
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to ingest and process untrusted content from external URLs. This creates a surface for indirect prompt injection, where an attacker could place malicious instructions inside a website's CSS comments, metadata, or hidden HTML elements to manipulate the agent's behavior or file output during the extraction process.
- Ingestion points: Website content extracted from user-provided URLs in
SKILL.md(Workflow Step 1). - Boundary markers: No specific delimiters or safety warnings are used to isolate extracted site data from the agent's instructions.
- Capability inventory: The skill performs file system writes to the
themes/directory and thellmwiki/repository. - Sanitization: No sanitization or validation of the ingested external content is mentioned before it is used to generate markdown and HTML files.
Audit Metadata