wget-reader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because it retrieves untrusted data from the internet and returns it to the agent's context.
  - Ingestion points: The skill uses `wget -qO-` to fetch content from attacker-controlled URLs and display it to stdout (agent context).
  - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to treat the fetched content as untrusted.
  - Capability inventory: The skill possesses network access (`wget`) and file-writing capabilities (`-O`).
  - Sanitization: Absent. There is no sanitization or filtering of the fetched content before it is processed by the agent.
- EXTERNAL_DOWNLOADS (HIGH): The skill allows downloading arbitrary files from the internet to specific local paths. This could be exploited to overwrite critical configuration files (e.g., `~/.bashrc`, SSH keys) if the agent is manipulated into specifying a sensitive local filename.
- COMMAND_EXECUTION (MEDIUM): The skill executes shell commands using variables provided by the user (URLs and filenames). While the instructions suggest quoting, any failure in the agent's input validation or the shell's handling of special characters could lead to command injection.
- DATA_EXFILTRATION (LOW): Although primarily a retrieval tool, `wget` can be used to exfiltrate data by appending sensitive information to URL parameters or custom HTTP headers if an attacker can influence those inputs.
Recommendations
- AI detected serious security threats
Audit Metadata