jina-web-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script fetches data from arbitrary external URLs provided at runtime and utilizes the well-known jina.ai (r.jina.ai) service as a fallback mechanism for content extraction.
- [COMMAND_EXECUTION]: The skill executes a bash script that uses curl to perform HTTP requests, handling user-supplied URLs as command-line arguments.
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface as it ingests untrusted data from the web.
  1. Ingestion points: Raw content is retrieved from external URLs in scripts/fetch_with_jina_fallback.sh.
  2. Boundary markers: No delimiters or ignore instructions are used to encapsulate the fetched content.
  3. Capability inventory: The skill uses curl for network access and mkdir/cp for file operations.
  4. Sanitization: No content filtering, validation, or sanitization is performed on the retrieved data before it is returned to the agent.