web-fetch
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill serves as a primary ingestion point for untrusted external data, making it highly vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The script scripts/web_fetch.py fetches arbitrary content from user-provided URLs.
- Boundary markers: Absent. The skill returns raw content to the agent without any delimiters or instructions to treat the data as untrusted, allowing embedded malicious commands to be interpreted as agent instructions.
- Capability inventory: While the tool is restricted to network GET requests, the content it retrieves is processed by the agent, which may have broader capabilities such as file system access or credential usage.
- Sanitization: Absent. No filtering or sanitization is performed on the extracted markdown or JSON content before it is passed to the agent.
- Data Exposure & Exfiltration (LOW): The script makes network requests to https://r.jina.ai. This is a non-whitelisted external domain. While this is the intended function of the skill, it involves sending potentially sensitive URLs to a third-party service.
Recommendations
- AI detected serious security threats
Audit Metadata