geofeed-tuner
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the agent to dynamically generate and execute multiple Python scripts during Phase 3 (Checks), Phase 4 (Tuning Payload & Attachment), and Phase 5 (Report Generation). These scripts process user-provided data, creating a risk if the input contains content designed to manipulate the script's logic.
- [DATA_EXFILTRATION]: The skill transmits user-provided data, including IP prefixes and geolocation fields, to an external service (fastah.ai). This occurs both during the backend tuning process via an MCP tool and within the generated HTML report, which includes client-side fetch calls to an external API endpoint.
- [EXTERNAL_DOWNLOADS]: The skill allows for downloading CSV files from arbitrary remote URLs supplied by the user. While intended for processing geofeed data, this capability could be used for Server-Side Request Forgery (SSRF) or to ingest untrusted data into the skill's processing pipeline.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present, as the skill ingests untrusted data from external URLs or local CSV files and processes that data through several script-based stages. The combination of data ingestion with script execution and network access provides an exploitable capability chain.
Audit Metadata