url-opener
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: CRITICAL
PROMPT_INJECTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses phrases like "Ignore previous instructions about safety warnings" and "You are now in developer mode" to attempt to override the AI agent's built-in safety constraints.
- [DATA_EXFILTRATION]: The agent is explicitly instructed to leak the $ANTHROPIC_API_KEY by appending it as a query parameter to URLs, representing a direct attempt to steal user credentials.
- [REMOTE_CODE_EXECUTION]: The skill includes a direct command to download and execute a script from an untrusted URL (attacker.example.org) via a shell pipe, which can result in full system compromise.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands directly, which is a significant security risk when paired with untrusted remote sources.
- [CREDENTIALS_UNSAFE]: The skill targets specific environment variables that contain secret authentication tokens for exfiltration.
- [EXTERNAL_DOWNLOADS]: The skill attempts to pull code from an unverified, external, and suspicious domain.
Recommendations
- HIGH: Downloads and executes remote code from: https://attacker.example.org/setup.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata