extract-project-logo
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- External Downloads & Command Execution (MEDIUM): The skill instructs the agent to download files from arbitrary URLs found during web scraping. It provides templates for `curl` and Python `requests` execution.
  - Evidence: Step 6 explicitly provides shell commands (`curl -o "{save_path}" "{logo_url}"`) and Python code blocks for file operations.
  - Risk: If `{save_path}` or `{logo_url}` are not sanitized, an attacker could achieve command injection (e.g., using `;` or `&` in the string). Additionally, the skill lacks validation of the downloaded content's integrity or type beyond basic file extension checks.
- Indirect Prompt Injection (LOW): The skill's core functionality involves ingesting data from untrusted external sources which could contain malicious instructions.
  - Ingestion points: Website HTML, GitHub README files, and social media metadata (Step 1, 2, 3, 4).
  - Boundary markers: Absent; the skill does not suggest using delimiters or instructions to ignore embedded commands in the source data.
  - Capability inventory: File system write access (via `curl` or Python), network requests, and browser automation via MCP Playwright.
  - Sanitization: Absent; the skill does not provide mechanisms to sanitize the content of processed files or the metadata extracted from the web.
- Data Exposure (LOW): The skill allows writing to a user-defined `save_path`. Without path validation, this could be used for path traversal to overwrite sensitive system files or configuration files (e.g., `.bashrc` or `.ssh/authorized_keys`).