skills/jeremylongshore/claude-code-plugins-plus-skills/hypermedia-link-generator/Gen Agent Trust Hub
hypermedia-link-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill requests the Bash tool, which provides a command execution surface. Although restricted to curl, it still enables the agent to interact with shell environments.
- [DATA_EXFILTRATION] (LOW): The Bash(curl:*) capability allows outgoing network requests, which could be used to exfiltrate local file contents discovered via Read or Grep tools.
- [EXTERNAL_DOWNLOADS] (LOW): Use of curl allows the retrieval of content from the internet, which may contain malicious logic or instructions if not properly validated.
- [PROMPT_INJECTION] (LOW): Risk of Indirect Prompt Injection. Evidence: (1) Ingestion points: Untrusted data fetched via curl and user input. (2) Boundary markers: None present in instructions. (3) Capability inventory: Read, Write, Edit, Bash, Grep. (4) Sanitization: None specified in the skill definition.
Audit Metadata