fetch
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [Unverifiable Dependencies] (HIGH): The script `fetch.py` executes `npx -y @smithery/mcp-fetch`, which downloads and runs code from the npm registry at runtime without version pinning or source verification.
- [Indirect Prompt Injection] (HIGH): The skill fetches and processes untrusted external content.
  1. Ingestion points: The `fetch_url` method in `fetch.py` retrieves data from arbitrary URLs.
  2. Boundary markers: None; the content is returned directly to the agent's context.
  3. Capability inventory: The script uses `subprocess.Popen` and performs network requests.
  4. Sanitization: No sanitization or filtering is performed on the retrieved content.
- [Command Execution] (MEDIUM): The script uses `subprocess.Popen` to execute system commands, which relies on the local `npx` environment and allows for potential execution of unverified code.
Recommendations
- AI detected serious security threats
Audit Metadata