summarize-skill
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to external URLs using the requests library to retrieve webpage content for summarization. This behavior is the primary function of the skill and is triggered by user input.\n- [EXTERNAL_DOWNLOADS]: Installation instructions include downloading well-known packages requests and beautifulsoup4 from official registries.\n- [PROMPT_INJECTION]: The skill processes untrusted content from the web, creating a potential surface for indirect prompt injection.\n
- Ingestion points: HTML content is fetched from arbitrary URLs in summarize.py via the process_url method.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.\n
- Capability inventory: The skill possesses network access via the requests library and file system access for managing a local cache in the user's home directory.\n
- Sanitization: The skill performs standard HTML stripping using BeautifulSoup, but does not implement filtering for potential adversarial instructions within the extracted text content.
Audit Metadata