content-digest
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external URLs.
- Ingestion points: The skill fetches content from user-provided YouTube links, podcast transcripts, and article URLs using the
WebFetchtool. - Boundary markers: No specific delimiters or instructions are used to distinguish untrusted source content from the agent's core instructions.
- Capability inventory: The skill has the capability to write files to the local file system using the
Writetool. - Sanitization: There is no evidence of content filtering, escaping, or validation of the fetched external data before processing.
- [DATA_EXFILTRATION]: The skill instructions contain a hardcoded local file path (
/Users/ugreen/Documents/obsidian/每日播客/). This exposure reveals information about the local system's directory structure and a specific username ('ugreen'), which can be used for reconnaissance in targeted attacks. - [COMMAND_EXECUTION]: The skill is designed to automatically execute file system operations. It directs the agent to use a
Writetool to save generated content to a specific path automatically after processing, which could be exploited if combined with a successful indirect prompt injection attack.
Audit Metadata