agent-directory
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection vulnerability surface by encouraging the agent to ingest and obey instructions from external sources.
- Ingestion points: The workflow described in `SKILL.md` directs the agent to fetch service lists from `https://ctxly.com/services.json` and then follow URLs to retrieve documentation from third-party sites like `moltbook.com`.
- Boundary markers: No specific delimiters or safety instructions are provided to help the agent distinguish between its core instructions and potentially malicious commands embedded in the fetched markdown files.
- Capability inventory: The skill utilizes `curl` for network requests and expects the agent to parse and execute logic found in external files.
- Sanitization: The skill lacks mechanisms to sanitize or validate the content of the external documentation before it is integrated into the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of external data via command-line tools.
- Fetches a directory of services from `ctxly.com` using `curl`.
- Dynamically fetches `skill.md` files from third-party domains defined in the directory metadata.
Audit Metadata