web-fetch

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The scripts/fetch.sh script allows writing output to an arbitrary file path provided as a parameter. An attacker could potentially overwrite sensitive files like ~/.bashrc or ~/.ssh/authorized_keys if they can influence the arguments passed to this skill.
  • EXTERNAL_DOWNLOADS (LOW): The skill uses curl to download content from arbitrary URLs. While necessary for its function, it involves interacting with untrusted external data.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
      1. Ingestion point: Web content enters via curl in scripts/fetch.sh.
      2. Boundary markers: Absent; fetched content is returned as plain text without delimiters.
      3. Capability inventory: Subprocess calls (curl) and file-write operations.
      4. Sanitization: Only basic HTML tag removal is performed via sed, which does not prevent malicious natural language instructions from being passed to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:09 PM