ingest-url
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using external or environment-derived strings. Specifically, it calls
defuddle <url>andgit remote get-url origin. If a maliciously crafted URL or git configuration contains shell metacharacters, it could lead to arbitrary command execution on the host system.- [PROMPT_INJECTION]: The skill is designed to ingest untrusted data from the web. Although it includes an explicit 'Content Trust Boundary' section instructing the agent to treat web content as data rather than instructions, the ingestion of arbitrary HTML/Markdown remains a significant surface for indirect prompt injection attacks.- [DATA_EXFILTRATION]: The skill has the capability to read sensitive project files (e.g.,package.json,.manifest.json) and perform network requests (viaWebFetchordefuddle). While the primary intent is fetching a user-specified URL, a compromise via indirect prompt injection could potentially repurpose these capabilities to exfiltrate local data.
Audit Metadata