web-fetch

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill documentation encourages the use of curl, grep, and bun to fetch and process web content. These are standard tools for the skill's stated purpose of web content extraction.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches data from arbitrary user-provided URLs. While it does not download executable code from these URLs, the content is processed and displayed to the agent.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a web-fetching tool, this skill has a significant attack surface for indirect prompt injection.
      • Ingestion points: Web content fetched via curl and processed by html2markdown or the Bun script enters the agent's context.
      • Boundary markers: None identified in the provided documentation; content is converted to markdown and likely directly interpolated.
      • Capability inventory: The skill uses curl, grep, wc, and bun (via fetch.ts) to interact with the system and network.
      • Sanitization: The skill performs content extraction via CSS selectors, which acts as a basic filter, but it does not sanitize the resulting markdown text for malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 05:34 PM