content-digest

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external URLs.
  • Ingestion points: The skill fetches content from user-provided YouTube links, podcast transcripts, and article URLs using the WebFetch tool.
  • Boundary markers: No specific delimiters or instructions are used to distinguish untrusted source content from the agent's core instructions.
  • Capability inventory: The skill has the capability to write files to the local file system using the Write tool.
  • Sanitization: There is no evidence of content filtering, escaping, or validation of the fetched external data before processing.
  • [DATA_EXFILTRATION]: The skill instructions contain a hardcoded local file path (/Users/ugreen/Documents/obsidian/每日播客/). This exposure reveals information about the local system's directory structure and a specific username ('ugreen'), which can be used for reconnaissance in targeted attacks.
  • [COMMAND_EXECUTION]: The skill is designed to automatically execute file system operations. It directs the agent to use a Write tool to save generated content to a specific path automatically after processing, which could be exploited if combined with a successful indirect prompt injection attack.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 09:24 AM
Security Audit — agent-trust-hub — content-digest