Evaluate URLs and tools — check vault coverage, assess relevance, recommend save or skip
58
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (high risk: 0.90). The skill's "Content Fetch & Analysis" workflow explicitly states it will use WebFetch and WebSearch to fetch and analyze public URLs and top search results (e.g., "If URL provided and web-fetch is active: Fetch the URL content using WebFetch" and "Use WebSearch to find the tool's primary page"), meaning untrusted third‑party page content is read and can directly influence save/skip recommendations and follow-up actions.
5e9851c
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.