read
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches content from third-party proxies including https://defuddle.md and https://r.jina.ai to retrieve web page content.
- [REMOTE_CODE_EXECUTION]: Employs npx --yes agent-fetch which downloads and executes the agent-fetch package from the NPM registry at runtime.
- [COMMAND_EXECUTION]: Invokes shell commands such as curl for fetching data and images, and python3 for parsing JSON blocks and extracting text from PDFs.
- [SAFE]: Implements a security boundary by instructing the agent not to summarize or analyze fetched content unless explicitly requested, mitigating potential indirect prompt injection from retrieved web pages.
Audit Metadata