collector-hand-skill

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the shell_exec tool to perform environment detection, specifically running python -c "import platform; print(platform.system())" during its initialization phase. This establishes a capability that could be targeted for exploitation if the agent is compromised.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to continuously fetch and analyze data from arbitrary external sources using web_search and web_fetch tools as part of its core intelligence gathering function.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves content from untrusted external web pages and processes it to extract entities and sentiment without using boundary markers or sanitization.
    ◦ Ingestion points: External web content retrieved via web_fetch in Phase 3.
    ◦ Boundary markers: Absent; the agent is instructed to process the full content of fetches without delimiters separating untrusted data from instructions.
    ◦ Capability inventory: shell_exec, file_read, file_write, schedule_create, and web_fetch.
    ◦ Sanitization: Absent; there is no logic to validate or escape external content before the AI processes it.
  • [DATA_EXFILTRATION]: The skill holds both the file_read and web_fetch tools. This combination creates a potential data exfiltration path: malicious instructions in a fetched web page could direct the agent to read local files and send their contents to a remote server.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 08:45 AM