seed-hypermedia-read

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo with system package managers (e.g., apt-get, dnf, pacman) to install the grpcurl utility during prerequisite setup.
  • [COMMAND_EXECUTION]: The skill captures output from a grpcurl command into a shell variable and interpolates that variable directly into the JSON payload of a subsequent shell command. This pattern creates a shell injection risk if the data returned by the server contains malicious characters intended to break out of the string context.
  • [EXTERNAL_DOWNLOADS]: Provides instructions to download grpcurl binaries from the official FullStory GitHub repository.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external gRPC endpoints.
      • Ingestion points: Data retrieved from gRPC server methods (stored in variables like RESULT and VALUE).
      • Boundary markers: No boundary markers or delimiters are used to differentiate untrusted server data from the agent's instructional context.
      • Capability inventory: The skill possesses the capability to execute shell commands (grpcurl, curl, jq) and write files to /tmp.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the variables extracted from gRPC responses before they are used in downstream shell execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 04:12 PM