web-importer
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from the web. * Ingestion points: Content enters the system through URL fetching in scripts/web_import.py. * Boundary markers: No delimiters or ignore-instruction warnings are used to separate user data from potential instructions in the fetched content. * Capability inventory: The skill can execute commands through wpsnote-cli and access the network via requests and Playwright. * Sanitization: The skill removes HTML structural tags using BeautifulSoup but does not sanitize extracted text for malicious instructions.
- [COMMAND_EXECUTION]: The skill uses the wpsnote-cli tool via subprocess.run in scripts/wps_writer.py to manage WPS notes, which is an intended functionality of the vendor resource.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch content and images from user-specified URLs and requires the installation of Playwright browser binaries for rendering dynamic pages.
Audit Metadata