Skills
skills/transilienceai/communitytools/patt-fetcher/Gen Agent Trust Hub

patt-fetcher

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from multiple raw URLs pointing to the swisskyrepo/PayloadsAllTheThings repository on GitHub. This is a third-party, non-vendor repository that is not included in the trusted organizational list. While the content consists of markdown documentation, the skill's purpose is to fetch these payloads for use in other prompts.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection by design.
  • Ingestion points: The WebFetch operation retrieves markdown content from a large list of external URLs defined in the URL Map (SKILL.md).
  • Boundary markers: The instructions lack any requirement for delimiters, XML tags, or system warnings to ignore instructions embedded within the fetched payloads.
  • Capability inventory: The skill explicitly states that fetched payloads should be 'baked into executor prompts,' meaning the untrusted external data is directly interpolated into the agent's command/instruction stream.
  • Sanitization: There is no mention of sanitization, filtering, or validation of the fetched markdown before it is returned to the caller or used in subsequent prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 11:11 PM