skills/arcaneorion/alice-single/fetch/Gen Agent Trust Hub

fetch

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The script fetch.py executes npx -y @smithery/mcp-fetch. This command automatically downloads and runs the latest version of an external package from the npm registry every time the skill is initialized. This introduces a supply-chain risk as the external package source is not a pre-approved trusted repository and could be compromised.
  • COMMAND_EXECUTION (MEDIUM): The skill uses subprocess.Popen to launch a shell-mediated command (npx). While the arguments provided to the fetch tool itself are structured via JSON-RPC, the reliance on system-level binaries (npx) to fetch remote code poses a medium risk.
  • PROMPT_INJECTION (LOW): As a Category 8 Indirect Prompt Injection surface, the skill is designed to fetch arbitrary web content and print it to standard output.
      • Ingestion points: fetch.py reads content from user-provided URLs via @smithery/mcp-fetch.
      • Boundary markers: None identified. The content is printed directly as text.
      • Capability inventory: subprocess.Popen is used to launch the MCP server.
      • Sanitization: None. The script directly prints item.get('text') from the external tool output without validation or escaping, allowing malicious instructions from web pages to enter the Agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:39 PM