Skills
NYC
skills/aidotnet/moyucode/url-shortener/Gen Agent Trust Hub

url-shortener

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [External Downloads] (LOW): The script scripts/url_shortener.py makes outbound network requests to tinyurl.com and is.gd. While these are legitimate services, they are not on the trusted source whitelist.
  • [Data Exfiltration] (LOW): User-provided URLs are sent to external APIs. While required for the skill's purpose, this represents data leaving the agent's environment to third-party providers.
  • [Indirect Prompt Injection] (LOW):
  • Ingestion points: Ingests user-provided URLs via command-line arguments in url_shortener.py.
  • Boundary markers: Absent; the input URL is interpolated directly into the API request strings.
  • Capability inventory: Performs network requests (urllib.request.urlopen) and file-system writes (qr.save).
  • Sanitization: Uses urllib.parse.quote for URL encoding, which provides basic protection against injection into the API request structure.
  • [Unverifiable Dependencies] (LOW): The script suggests the manual installation of the qrcode library if it is missing, which is a standard practice but relies on the user's environment management.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:32 PM