web-download
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Detected vulnerability surface for Indirect Prompt Injection (Category 8). • Ingestion points: The skill fetches content from external URLs found during web research and reads node-list.txt. • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the fetched web content. • Capability inventory: The agent can execute local scripts (scripts/parallel_fetch.py), write to the file system (materials/ directory), and perform network operations. • Sanitization: No sanitization of the fetched web content is performed before it is processed by the agent.
- [COMMAND_EXECUTION] (SAFE): The skill executes a local script
scripts/parallel_fetch.pyto facilitate parallel downloads. The script includes a sanitize_filename function that replaces dots and slashes, which effectively mitigates path traversal risks. - [EXTERNAL_DOWNLOADS] (SAFE): Network requests are performed for the purpose of research and data collection, which is the primary intended function of the skill.
Audit Metadata