Skills
skills/ninehills/skills/web-fetch/Gen Agent Trust Hub

web-fetch

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to retrieve and process content from external web pages.
  • Ingestion points: Content is ingested from arbitrary URLs via WebFetch, alma browser, and curl commands.
  • Boundary markers: There are no explicit instructions or delimiters defined to help the agent distinguish between its system instructions and potentially malicious instructions embedded in the retrieved web content.
  • Capability inventory: The skill possesses Bash and WebFetch capabilities, allowing it to perform network operations and execute system commands based on instructions it may receive.
  • Sanitization: The skill description does not include mechanisms for sanitizing or filtering the fetched content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute commands for networking and data processing.
  • It provides examples of using curl to fetch JSON APIs, download files to /tmp/, and check HTTP status codes.
  • It also utilizes jq for processing JSON data within the shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 09:32 AM