skills/browserbase/skills/fetch/Gen Agent Trust Hub

fetch

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The file EXAMPLES.md contains a reference to https://bit.ly/example, which has been flagged by security scanners as a known malicious URL associated with botnet activity. While used as an example for redirect following, its inclusion poses a risk to users who might interact with the link.
  • [DATA_EXFILTRATION]: The skill provides an interface for Server-Side Request Forgery (SSRF) through the fetch API. Specifically, the allowInsecureSsl: true parameter documented in SKILL.md and REFERENCE.md allows bypassing TLS verification. This can be exploited to access internal, self-signed services (e.g., staging.internal.example.com) or sensitive metadata endpoints, potentially exposing internal data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external URLs and returns it to the agent context.
      • Ingestion points: Web content is retrieved via the fetch tool in SKILL.md and EXAMPLES.md (e.g., response.content).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the fetched content as potentially adversarial or to ignore embedded instructions.
      • Capability inventory: The skill returns the full page body, headers, and metadata. While it does not execute code locally, the content can manipulate the agent's behavior in subsequent steps.
      • Sanitization: There is no evidence of sanitization or filtering of the content field before it is processed by the agent.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 12, 2026, 09:08 AM