fetch-url
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill fetches arbitrary external content and returns it to the agent, which could contain instructions intended to manipulate the agent.
- Ingestion points: Web content is ingested via
scripts/fetch_url.pythroughtrafilatura,playwright, or the FxTwitter API. - Boundary markers: No specific delimiters or "ignore instructions" headers are added to the extracted web content; Twitter content includes a minor source attribution comment.
- Capability inventory: The script provides text extraction; the primary risk depends on the broader capabilities of the agent possessing this skill.
- Sanitization: The script escapes Markdown control characters for rendering but does not perform sanitization of text to prevent instruction injection.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to arbitrary user-provided URLs and a third-party service (
api.fxtwitter.com). The documentation also instructs the user to download browser binaries via the Playwright CLI tool.
Audit Metadata