icon-retrieval
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches search results from 'https://lab.weavefox.cn/api/v1/infographic/icon' and retrieves SVG content from URLs provided by the API.
- [COMMAND_EXECUTION]: The skill employs 'curl' to perform network requests, which is a standard utility but involves interacting with external infrastructure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external sources. Ingestion points: Untrusted data enters the agent context through the icon search API and SVG content downloads. Boundary markers: There are no boundary markers or instructions to treat external data as untrusted. Capability inventory: The agent has the capability to execute 'curl' commands. Sanitization: There is no specified mechanism for sanitizing or validating the content retrieved from external URLs.
Audit Metadata