http-client
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [Data Exfiltration] (HIGH): The skill provides the capability to read local files via the `--file` argument and send their contents to any URL. An attacker could use indirect prompt injection to trick an agent into exfiltrating sensitive files (e.g., credentials or SSH keys) to a malicious server.
- [Indirect Prompt Injection] (HIGH): Mandatory Evidence Chain:
  - Ingestion points: Processes data from arbitrary external URLs via the `requests` library in `scripts/http_client.py`.
  - Boundary markers: None present; the tool treats all response data as trusted for display or storage.
  - Capability inventory: Arbitrary network requests (GET/POST/etc.), file reading (`--file`), and file writing (`--output`).
  - Sanitization: None; the tool provides raw access to the network and filesystem without validation of URLs or file paths.
- [Command Execution] (MEDIUM): While the script itself does not call `eval()` or `subprocess`, the AI agent's use of this script involves executing a CLI tool that can modify the local filesystem (`--output`), which could be leveraged for persistence or for overwriting critical configuration files.
Recommendations
- AI detected serious security threats
Audit Metadata