download-file
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted webpage content to identify download links and buttons, presenting an attack surface for indirect prompt injection.
- Ingestion points: Webpage DOM elements (links, buttons) are scanned for keywords like 'Download' or 'Export' (Step 4).
- Boundary markers: Non-negotiable rules require explicit user confirmation and disclosure of the source domain before initiating any download (Step 2).
- Capability inventory: The skill can trigger file downloads and bypass browser safety prompts (Step 5).
- Sanitization: No sanitization of web content is performed; safety relies on user verification.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch external files, including potentially dangerous executable formats like .exe, .dmg, and .bat, and specifically instructs the agent to bypass browser safety warnings.
- Evidence: Step 4 triggers downloads based on file extensions, and Step 5a instructs the agent to click 'Keep' on harmful file warnings after user confirmation.
Audit Metadata