web-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network operations to fetch content from arbitrary external domains using
curlinscripts/fetch.sh(line 23). It also allows writing the fetched data to a user-specified file path (line 50), which could lead to overwriting local files.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted web content, creating a risk of indirect prompt injection.\n - Ingestion points: Web content is retrieved via
curlfrom a user-provided URL inscripts/fetch.sh.\n - Boundary markers: There are no explicit delimiters or instructions provided to the agent to prevent it from interpreting the fetched text as commands.\n
- Capability inventory: The skill possesses file-writing capabilities on the local file system.\n
- Sanitization: Although HTML and script tags are removed, the resulting text is not sanitized or escaped to prevent malicious instructions from being executed or followed by the AI agent.
Audit Metadata