shorten
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill sends user-provided data (URLs) to the external service
is.gdvia a POST request. While this is the intended functionality, it presents a privacy risk as sensitive internal URLs could be transmitted to a third party without explicit user confirmation of the data destination. - [COMMAND_EXECUTION] (LOW): The
shorten.shscript executes thecurlcommand. It correctly utilizes--data-urlencodeto handle the input variable$URL, which effectively mitigates the risk of shell command injection via malicious URL strings. - [INDIRECT PROMPT INJECTION] (MEDIUM): This skill handles untrusted external data.
- Ingestion points: The script accepts a URL argument from the agent's context in
shorten.sh. - Boundary markers: None. The URL is processed directly as a string.
- Capability inventory: Execution of
curlfor network POST operations. - Sanitization: The script uses URL encoding for transmission, but does not validate the content or destination of the URL being shortened.
- Risk: An attacker could embed malicious instructions in a document that the agent reads, tricking the agent into sending sensitive internal URLs to the shortening service.
Audit Metadata