observability-monitoring

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill uses curl to fetch content from https://fullstackrecipes.com. Since this domain is not on the trusted sources list and the agent is explicitly instructed to 'complete' these recipes, it creates a risk of the agent executing unverified remote instructions or shell commands.
  • Data Exposure & Exfiltration (LOW): The skill configures Sentry and Vercel Analytics. By design, these integrations transmit application logs, error reports, and user event data to external third-party platforms.
  • Indirect Prompt Injection (LOW): The skill's architecture is susceptible to indirect prompt injection from the external recipe source.
      • Ingestion points: Remote markdown recipes are fetched via curl from fullstackrecipes.com endpoints (File: SKILL.md).
      • Boundary markers: Absent; there are no markers or system instructions to delimit or ignore embedded instructions within the fetched markdown.
      • Capability inventory: The agent is tasked with 'completing' recipes, which involves the capability to perform file system writes and execute shell commands.
      • Sanitization: No sanitization or verification of the fetched markdown content is performed before the agent processes it as instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 04:55 PM