Skills
skills/zjp1997720/content-twin-toolkit/web-clipper/Gen Agent Trust Hub

web-clipper

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/bootstrap.sh script attempts to execute administrative commands via sudo -n to install system packages. It targets several package managers, including apt-get, dnf, yum, and pacman, for non-interactive installation of python3.
  • [REMOTE_CODE_EXECUTION]: The skill's bootstrap process automates the installation of system-level software (Python 3) from external repositories using tools like brew, winget, and choco, which modifies the user's host environment.
  • [EXTERNAL_DOWNLOADS]: The scripts/clip_articles.py script communicates with a third-party service (https://metaso.cn/api/v1/reader) to extract content when static scraping fails.
  • [PROMPT_INJECTION]: The skill processes content fetched from untrusted external URLs and converts it to Markdown for agent consumption, posing a risk of indirect prompt injection.
  • Ingestion points: Raw web content fetched by scripts/clip_articles.py from user-specified URLs.
  • Boundary markers: Absent; the output Markdown does not contain delimiters or instructions to ignore embedded instructions in the scraped content.
  • Capability inventory: The skill can perform file system writes and execute shell scripts/commands.
  • Sanitization: Basic HTML tag removal is performed, but no semantic filtering exists to prevent the agent from executing instructions found within the scraped articles.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 28, 2026, 01:27 AM
Security Audit — agent-trust-hub — web-clipper