url-state-management
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (MEDIUM): The skill uses
curlto retrieve content fromhttps://fullstackrecipes.com/api/recipes/*. This domain is not a recognized trusted source. The fetched content is intended to be followed as a set of instructions ('recipes'), meaning the agent's behavior is directly influenced by unverified external data. - Indirect Prompt Injection (MEDIUM): There is a significant risk of indirect prompt injection because the skill fetches external markdown content without boundary markers or sanitization. An attacker controlling the external API could inject malicious instructions that the agent might then execute.
- Remote Code Execution (LOW): While the fetched content is markdown and not directly piped into a shell (e.g.,
| bash), fetching logic from a remote server is a pattern used to bypass static analysis and execute arbitrary logic under the guise of 'instructions'.
Audit Metadata