web-fetch

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
  • [Data Exposure & Exfiltration] (MEDIUM): Potential for Local File Read (LFR) and Server-Side Request Forgery (SSRF).
      • Evidence: The web_fetch.py script uses urllib.request.urlopen(request) directly with a user-provided URL.
      • Risk: Python's urllib supports multiple protocols beyond HTTP/HTTPS. An attacker could pass file:///etc/passwd or file:///home/user/.ssh/id_rsa to read sensitive local files, or use internal IP addresses to probe the local network.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external web sources.
      • Ingestion points: web_fetch.py (the content variable populated by response.read()).
      • Boundary markers: Absent. The response content is returned as a raw string or JSON object without delimiters or warnings for the LLM.
      • Capability inventory: The skill allows network reads/writes (via HTTP methods) and potentially local file reads via the URL flaw.
      • Sanitization: No sanitization or filtering is performed on the fetched content before returning it to the agent.
  • [Data Exfiltration] (LOW): The skill allows the agent to send data to arbitrary external URLs via POST/PUT methods and custom headers.
      • Evidence: The --method and --data arguments in skill.json and web_fetch.py enable sending arbitrary payloads to non-whitelisted domains.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:43 PM