web-fetch

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it fetches untrusted external content and processes it using an agent with high-privilege capabilities.
    • Ingestion points: The WebFetch tool is used to retrieve data from arbitrary URLs as defined in SKILL.md and README.md.
    • Boundary markers: Absent. The instructions provide no delimiters or 'ignore' instructions for external content.
    • Capability inventory: The skill metadata in SKILL.md allows the Bash, Write, and Read tools, providing the necessary primitives for system compromise.
    • Sanitization: Absent. There is no logic to filter or sanitize the fetched content.
  • COMMAND_EXECUTION (HIGH): The skill explicitly authorizes the use of the Bash tool in SKILL.md. Permitting shell access to an agent that processes untrusted web data is a high-risk configuration that can lead to remote command execution.
  • DATA_EXFILTRATION (MEDIUM): The agent can access local files (Read tool) and perform outbound network requests (WebFetch). While the skill implements a 'Max Uses' counter, this is a soft, instruction-based limit that can be bypassed if the agent's logic is subverted via prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:30 AM