web-browse
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `curl` command-line tool to fetch web pages and `python3 -c` to execute inline Python scripts for text extraction and metadata parsing.
- [EXTERNAL_DOWNLOADS]: The skill is designed to download content from arbitrary external URLs provided by the user or the agent. Examples include fetching from `https://example.com` and downloading files to `/tmp/file.pdf`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external web pages and presents the extracted text to the agent without boundary markers.
  - Ingestion points: Web content fetched via `curl` and piped into Python scripts.
  - Boundary markers: None; the skill does not wrap the extracted text in markers or include instructions for the agent to ignore embedded commands.
  - Capability inventory: Shell command execution (`curl`) and Python script execution (`python3`).
  - Sanitization: The skill performs basic HTML tag stripping using regex but does not sanitize for malicious prompt instructions embedded in the text content.
Recommendations
- HIGH: Downloads and executes remote code from: https://example.com - DO NOT USE without thorough review
Audit Metadata