swift-networking
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The script `scripts/generate-mock.sh` accepts an unvalidated `$ENDPOINT` variable and passes it directly to `curl`. An attacker could exploit this to perform Local File Inclusion (LFI) by providing a URI such as `file:///etc/passwd`, causing the agent to read and save sensitive local files to the `Mocks/` directory.
- [Indirect Prompt Injection] (HIGH): The skill exposes a data ingestion surface that lacks sanitization or boundaries.
  - Ingestion points: `scripts/generate-mock.sh` (via `curl` fetch from remote/local URLs).
  - Boundary markers: Absent; the fetched content is written directly to `Mocks/response.json`.
  - Capability inventory: The skill possesses network read (`curl`) and file system write (redirection) capabilities.
  - Sanitization: None; there is no validation of the URL scheme or the content returned by the endpoint.
- [Command Execution] (MEDIUM): The skill includes an executable shell script that performs network and file system operations. While intended for mock generation, its lack of input validation increases the risk of the agent being coerced into performing unintended system actions.
Recommendations
- AI detected serious security threats