url-fetcher

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion.
      • Ingestion points: The fetch_url_content tool accepts arbitrary URLs provided at runtime in SKILL.md.
      • Boundary markers: There are no specified delimiters or instructions to isolate the fetched content from the system prompt.
      • Capability inventory: The skill enables network read access via external HTTP requests.
      • Sanitization: It filters HTML boilerplate but does not provide a mechanism to sanitize the extracted natural language text for adversarial instructions.
  • [DATA_EXFILTRATION]: The skill facilitates outbound network connections to non-whitelisted domains. While intended for fetching information, this capability could be used to transmit data to an external server controlled by an attacker if the agent is successfully manipulated.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:10 AM