web-research
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script located at ~/.claude/skills/fetch4ai/scripts/fetch4ai.py to perform advanced web content extraction.
- [DATA_EXFILTRATION]: The skill performs legitimate network operations to fetch data from external URLs using fetch_url, fetch4ai, and web_search for research purposes.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external websites that could contain malicious instructions designed to influence the agent's behavior during synthesis.
- Ingestion points: Data is retrieved from the web via fetch_url, fetch4ai, and web_search (by subagents) and stored in files like research_[topic_name]/findings_*.md (SKILL.md).
- Boundary markers: The instructions lack explicit boundary markers or directives for the agent to ignore instructions embedded within the research findings.
- Capability inventory: The agent possesses the ability to write_file, read_file, list_files, spawn subagents via task, and execute local Python scripts (SKILL.md).
- Sanitization: There is no evidence of sanitization or validation performed on the external content before it is read and processed by the main agent.
Audit Metadata