AnnualReports
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [External Downloads] (LOW): The `UpdateSources.ts` tool fetches data from a third-party GitHub repository (jacobdjwilson/awesome-annual-security-reports) not listed in the trusted sources. While it only parses the content for URLs, it establishes a dependency on an external, untrusted source for the skill's core data.
- [Data Exposure & Exfiltration] (LOW): The `FetchReport.ts` tool includes a `--url` flag that allows the agent to fetch content from any provided URL. This creates a surface for Server-Side Request Forgery (SSRF) if the agent is used to probe internal network resources or fetch sensitive metadata from cloud environments.
- [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from security reports and external README files.
  - Ingestion points: `Tools/FetchReport.ts` (external report content) and `Tools/UpdateSources.ts` (remote GitHub README).
  - Boundary markers: Absent. The summary files are generated by appending raw extracted text directly into markdown files, providing no delimiters to help the LLM distinguish between instructions and data.
  - Capability inventory: The skill can execute commands via `bun`, read and write local files in the `Reports/` directory, and perform network requests via `fetch`.
  - Sanitization: The skill performs basic HTML tag stripping using regex, but it does not sanitize or filter for embedded LLM instructions within the fetched content.
Audit Metadata