Skills
skills/naohainezha/skill/web-fetch/Gen Agent Trust Hub

web-fetch

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill uses curl and WebFetch to download data from URLs provided at runtime. This involves interacting with external, untrusted content.
  • [COMMAND_EXECUTION] (LOW): Employs Bash tools like sed, jq, lynx, and w3m for data processing. While functional, executing shell commands on untrusted external output presents a security surface.
  • [PROMPT_INJECTION] (LOW): (Indirect Prompt Injection Surface) 1. Ingestion points: Data fetched from external URLs via curl or WebFetch. 2. Boundary markers: None identified; instructions do not specify delimiters for external content. 3. Capability inventory: Bash execution (curl, sed, jq) and web fetching tools. 4. Sanitization: Employs sed for basic HTML removal, which is insufficient to filter out malicious instructions within the text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:50 PM