Skills
skills/otrebu/agents/scratchpad-fetch/Gen Agent Trust Hub

scratchpad-fetch

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted external data into the agent's context without sanitization.
  • Ingestion points: scripts/fetch_urls.sh downloads content from any user-provided URL using curl.
  • Boundary markers: The script uses simple Markdown headers (## Source: $url) and separators (---), but lacks explicit instructions to the LLM to ignore any command-like text within the downloaded content.
  • Capability inventory: The agent has access to the Bash tool, which could be exploited if the agent follows instructions found in a fetched document.
  • Sanitization: None. Raw content from the web is appended directly to the scratchpad files.
  • External Downloads (LOW): The script performs network operations using curl -sL to fetch data from non-whitelisted domains. While this is the primary purpose of the skill, it represents a standard risk associated with processing external web data.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:22 PM