overseas-registry-source-research
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the agent to generate and execute Python scripts (e.g., <slug>-<source>-<module>-download-sample.py) to download data samples. This pattern of runtime code execution is a known attack surface.
- [REMOTE_CODE_EXECUTION]: Because the generated scripts are derived from the analysis of external, potentially attacker-controlled websites, there is a risk that malicious content could influence the agent to generate code that performs unauthorized operations.
- [EXTERNAL_DOWNLOADS]: The skill's core functionality involves interacting with and downloading data from diverse external registries and third-party portals, exposing the agent to unverified remote data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: Untrusted external registry websites and API responses (SKILL.md). Boundary markers: No specific boundary markers or 'ignore' instructions are provided for processed external content. Capability inventory: Capability to write scripts to the local filesystem and execute them (SKILL.md). Sanitization: No explicit sanitization or validation of external content is mentioned before it is used to determine script logic.
Audit Metadata