add-reference
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from external sources.
- Ingestion points: In Step 3, the skill fetches content from user-provided URLs and reads user-supplied files.
- Boundary markers: There are no instructions to use delimiters (like XML tags or triple quotes) or 'ignore instructions' markers when summarizing or processing external content.
- Capability inventory: The skill has access to Bash, Write, and Read tools, which could be exploited if an agent accidentally obeys instructions found within the fetched content.
- Sanitization: No sanitization, escaping, or validation of the fetched URL content or file metadata is performed before writing it to the project's reference directory.
- [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool.
- Step 1 uses 'mkdir -p' to ensure the existence of the project's reference directory.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve external data.
- Step 3 includes a process to 'Fetch the URL content' for any URL provided by the user.
Audit Metadata