read-source
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the witan command-line interface to perform document conversion and text extraction tasks.
- [EXTERNAL_DOWNLOADS]: The documentation provides examples of the tool fetching and parsing content from external URLs, which involves network operations to retrieve untrusted data.
- Evidence: witan read https://example.com/report.pdf in SKILL.md
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external, untrusted content from documents and URLs, establishing a surface for indirect prompt injection.
- Ingestion points: The witan read command in SKILL.md is the primary entry point for untrusted data from multiple file formats and remote web addresses.
- Boundary markers: The skill does not define or instruct the agent to use specific delimiters or protective framing for the parsed document content.
- Capability inventory: The documentation in SKILL.md explicitly describes a pipeline involving witan xlsx exec, which allows for the execution of arbitrary code via the --code flag.
- Sanitization: There is no evidence of content sanitization or instruction filtering performed on the text extracted from source documents.
Audit Metadata