Skills
skills/fldc/agent-skills/ostergotland-events/Gen Agent Trust Hub

ostergotland-events

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow in SKILL.md instructs the agent to use the curl -k command to bypass SSL/TLS certificate validation errors. This is a dangerous practice that leaves the connection open to Man-in-the-Middle (MitM) attacks. The skill also uses lynx via shell piping to process retrieved content.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from multiple third-party domains listed in references/calendars.md, which creates a dependency on external, unverified content.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from the external websites it scrapes.
  • Ingestion points: External event calendars listed in references/calendars.md.
  • Boundary markers: Absent; no delimiters are used to separate fetched content from instructions.
  • Capability inventory: The agent uses webfetch and command execution (curl, lynx) in SKILL.md.
  • Sanitization: Absent; the skill does not sanitize or validate the external text before processing it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 13, 2026, 12:18 PM