unsplash
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Data Exposure] (HIGH): The `common.sh` script employs a high-risk method for loading environment variables. It calculates a path five levels above its installation directory, which resolves to the user's home directory (`~`) if installed as instructed, and attempts to load a `.env` file from that location. Crucially, the script exports every variable found in the file into the current process environment. This can lead to the unintended exposure of highly sensitive secrets (e.g., AWS keys, private tokens) that may be stored in a general-purpose `.env` file in the home directory.
- [Indirect Prompt Injection] (LOW): The skill ingests and processes untrusted data from the Unsplash API, creating a vulnerability to indirect prompt injection.
  - Ingestion points: `scripts/search.sh` and `scripts/random.sh` receive data from `api.unsplash.com`.
  - Boundary markers: Absent; the skill does not use delimiters or instruct the agent to ignore instructions within the API response.
  - Capability inventory: The skill uses `curl` for networking and `jq` for data extraction, providing formatted strings (like photo descriptions and attribution HTML) that the agent may interpret as commands.
  - Sanitization: Absent; data is passed directly from the API to the agent without filtering or escaping.
- [External Downloads] (LOW): The skill makes network requests to `api.unsplash.com`. While this is the intended purpose of the skill, it involves communication with a non-whitelisted external domain.
Recommendations
- AI detected serious security threats
Audit Metadata