web-reader
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The script 'scripts/web-reader.ts' imports 'z-ai-web-dev-sdk', an unknown dependency not listed in trusted sources. This presents a risk of executing unverified or potentially malicious code.
- [PROMPT_INJECTION] (LOW): The skill contains an indirect prompt injection surface (Category 8). 1. Ingestion point: Content from external URLs via 'page_reader'. 2. Boundary markers: Absent. 3. Capability inventory: Data is logged to the console for agent consumption. 4. Sanitization: Absent.
- [DATA_EXFILTRATION] (LOW): URLs are transmitted to an external service via the 'page_reader' function in the SDK, which could lead to tracking or exposure of sensitive user-provided links.
- [REMOTE_CODE_EXECUTION] (MEDIUM): A malicious URL ('this.ca') was detected by automated scans. Although not explicitly visible in the provided source code, its presence in the analysis context suggests the inclusion of high-risk components within the dependency chain.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata