resource-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill is designed to fetch resources from external URLs using Invoke-WebRequest and curl. There is no whitelist of domains or validation of the file types being downloaded, allowing an attacker to trick the agent into downloading malicious scripts or binaries.
- [COMMAND_EXECUTION] (HIGH): Instructions in SKILL.md and scripts.md provide direct command-line templates for network and filesystem operations. These commands are executed with the agent's privileges, which could be abused to access sensitive files if the agent is misled by an indirect prompt injection.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted data (URLs and external files) and possesses high-impact capabilities (network access and filesystem writes).
  - Ingestion points: User-provided URLs and resource metadata from the web are ingested into the agent's context in SKILL.md and scripts.md.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within downloaded content or metadata.
  - Capability inventory: System command execution (curl, PowerShell), filesystem modification (New-Item, Out-File, Rename-Item), and network requests are present across all script files.
  - Sanitization: Absent. No validation or filtering is performed on the URLs, filenames, or file content before processing.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Although the primary focus is on media resources, the downloader functions in scripts.md are generic. An attacker could provide a URL to a malicious script, which the agent would then download to the local machine, posing a significant risk of subsequent execution.
Recommendations
- AI detected serious security threats
Audit Metadata