simple-fetch
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to fetch and process content from user-provided URLs. This creates a surface for indirect prompt injection where an attacker-controlled website could provide instructions to the agent to perform unauthorized actions.
  - Ingestion points: Content fetched from the `--url` parameter via `scripts/simple_fetch.py`.
  - Boundary markers: None. The instructions do not specify delimiters or warnings for the agent to ignore instructions within the fetched data.
  - Capability inventory: The skill environment allows CLI execution via `uv run` and `uvx`.
  - Sanitization: No sanitization or validation of the fetched content is indicated.
- Path Traversal / Out-of-Bounds Execution (MEDIUM): The `workflow.py` file contains a relative path `../../../scripts/simple_fetch.py`. This attempts to access and execute a script located three directory levels above the skill's location, which is a common pattern for bypassing directory restrictions or sandbox constraints.
- Information Exposure (LOW): The `SKILL.md` file contains a hardcoded absolute path `/home/khitomer/Projects/mcp-code-execution-enhanced`, which exposes a local username and the directory structure of the development environment.
Audit Metadata