Skills
skills/plimeor/agent-skills/defuddle/Gen Agent Trust Hub

defuddle

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses steering instructions in SKILL.md to override default tools and prioritize an external service ('ALWAYS invoke this skill instead of WebFetch').
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations via curl to fetch content from the third-party domain defuddle.md.
  • [DATA_EXFILTRATION]: User-provided URLs are transmitted to the external defuddle.md service, which can expose sensitive information contained in parameters or internal addresses.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted remote content. 1. Ingestion points: Content fetched via curl in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution of curl in SKILL.md. 4. Sanitization: Absent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 02:43 PM