jina
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection. The skill is designed to scrape content from untrusted external URLs and search queries. 1. Ingestion points: Identified in SKILL.md Step 3 where content is extracted via 'refly workflow toolcalls'. 2. Boundary markers: Absent. 3. Capability inventory: The skill passes raw content to the agent, which may have write or execute permissions in its environment. 4. Sanitization: Absent. This allows attackers to embed malicious instructions in web pages that the agent might inadvertently execute.
- EXTERNAL_DOWNLOADS (MEDIUM): The installation process fetches a remote skill package and an opaque workflow (ID: c-ee1nlrsdlebaodpn5fvs3sj2) from an untrusted author (chizblank). The specific logic within the remote workflow cannot be audited from the provided files.
Recommendations
- AI detected serious security threats
Audit Metadata