url-tools

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts parse.sh, shorten.sh, and validate.sh are vulnerable to script injection. User-supplied URLs are directly interpolated into a node -e command string (e.g., const url = '$URL'), enabling arbitrary Node.js code execution if an attacker provides a URL containing a single quote followed by code.
  • [REMOTE_CODE_EXECUTION]: Automated scans detected a pattern where remote data from api.example.com is piped directly to python3. While documentation suggests using the json module, this capability facilitates the execution of untrusted remote code if the source content is malicious.
  • [EXTERNAL_DOWNLOADS]: SKILL.md provides instructions for using curl -O to download files from arbitrary sources, which can be used to retrieve and potentially execute malicious content.
  • [DATA_EXFILTRATION]: The skill references https://bit.ly/example, which is flagged as a botnet-related URL by security scanners. Furthermore, the identified script injection vulnerabilities can be leveraged to exfiltrate sensitive environment variables or local files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Untrusted URL data enters the agent context via expand.sh, parse.sh, shorten.sh, and validate.sh. No boundary markers or sanitization are present to prevent embedded instructions from influencing agent behavior, which is critical given the skill's network and command execution capabilities.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.example.com/data - DO NOT USE without thorough review
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 05:11 AM