tinyfish
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to scrape arbitrary websites, making it vulnerable to malicious instructions embedded in those pages.\n
- Ingestion points: External data is ingested via the
urlparameter inscripts/extract.shand the API examples inSKILL.md.\n - Boundary markers: No explicit delimiters are defined in the instructions to separate fetched content from the agent's operational logic.\n
- Capability inventory: The tool relies on network access via
curlto interact with the TinyFish automation service.\n - Sanitization: Input sanitization is present in
scripts/extract.shviasedescaping, which helps ensure the JSON payload is structurally sound but does not filter content for prompt injection.\n- [Data Exposure & Exfiltration] (LOW): The skill sends the scraping goal and target URL toagent.tinyfish.ai. This is the intended behavior and does not involve the exfiltration of sensitive local system files.
Audit Metadata