http-request
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The
request.shscript provides the ability to include local file contents in the request body or as form data using the--fileand--form(with@syntax) flags. This creates a vector for exfiltrating sensitive local information, such as configuration files, environment variables, or private keys, if the agent is directed to process these paths. - [COMMAND_EXECUTION]: While the skill uses shell arrays to safely pass arguments to
curl, the tool itself provides a powerful network communication capability that can be used to interact with arbitrary endpoints from the local host environment. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external HTTP responses.
- Ingestion points: HTTP response bodies returned to stdout or saved to files via the
--outoption. - Boundary markers: No delimiters are used to separate external response data from the agent's internal instructions.
- Capability inventory: The agent can use this skill to perform further network requests, read/write files, and execute other tools based on the content of the response.
- Sanitization: The skill does not sanitize or validate response content before returning it to the agent.
- [EXTERNAL_DOWNLOADS]: The
index.jsimplementation includes hostname validation to block private and internal IP ranges (SSRF protection). However, therequest.shshell script does not implement any such validation, allowing requests to be directed toward internal network resources or cloud metadata services (e.g., 169.254.169.254).
Audit Metadata