skills/johnlindquist/claude/spider/Gen Agent Trust Hub

spider

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It fetches content from arbitrary external websites and passes it directly into an LLM prompt without sanitization or boundary markers.
      • Ingestion points: Untrusted web content is ingested via curl in several sections, such as the 'Page Analysis' and 'Security Scan' blocks.
      • Boundary markers: Absent. The $CONTENT and $HEADERS variables are interpolated directly into prompts without XML tags, delimiters, or instructions to ignore embedded commands.
      • Capability inventory: The agent has access to curl, bash, and the gemini CLI tool to perform further network and file operations.
      • Sanitization: None. The skill performs no filtering or escaping of the fetched HTML before it is processed by the AI.
  • EXTERNAL_DOWNLOADS (SAFE): The skill performs downloads from user-specified URLs as part of its primary purpose (web crawling). While an automated scanner flagged curl | python3 as a remote code execution pattern, analysis of the source code confirms this is a false positive. The skill uses python3 -c to execute a static, embedded Python script that treats the downloaded content as data (stdin), not as executable code.
  • COMMAND_EXECUTION (LOW): The skill utilizes shell pipes and python3 -c for data processing and text extraction. These commands are static and do not incorporate untrusted external input into the command string itself.
Recommendations
  • HIGH: Downloads and executes remote code from: https://example.com - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 05:31 PM