gsdl-fetch-source
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local configuration files from the user's home directory (
~/.cursor/mcp.json) and project directory (.cursor/mcp.json) to identify active Model Context Protocol (MCP) servers and tools. - [CREDENTIALS_UNSAFE]: The skill accesses environment variables
LINEAR_API_KEY,NOTION_TOKEN, andSLITE_API_KEYto authenticate direct API calls via curl. - [COMMAND_EXECUTION]: The skill executes
curlcommands to interact with the official APIs of Linear, Notion, and Slite for data retrieval. - [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known services including
linear.app,notion.so, andslite.comand their respective API endpoints (api.linear.app,api.notion.com,api.slite.com). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from external URLs and interpolates it into markdown templates for downstream agent processing.
- Ingestion points: External content fetched from Linear tickets, Notion pages, and Slite notes via URLs.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the generated
seed.mdoutput. - Capability inventory: The data is passed to an orchestrator which writes content to the file system (
.planning/{project-name}/seed.md). - Sanitization: No sanitization or filtering is performed on the fetched external content before it is formatted into the project seed file.
Audit Metadata