skills/blink-new/openclaw/blink-fetch/Gen Agent Trust Hub

blink-fetch

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides the blink fetch command which allows the agent to make outbound HTTP requests to arbitrary external URLs. This is the primary intended functionality of the skill for calling APIs and downloading web content, though it serves as a general-purpose network egress point.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by retrieving untrusted content from external URLs into the agent's context.
  • Ingestion points: Data is ingested via the blink fetch <url> command documented in SKILL.md.
  • Boundary markers: None identified; external content is processed directly or passed through pipes.
  • Capability inventory: The skill allows for network operations (blink fetch) and local command execution via subprocesses (python3).
  • Sanitization: No sanitization or validation of external content is specified in the provided instructions.
  • [COMMAND_EXECUTION]: The documentation provides examples of using shell pipes to send fetched data into local subprocesses, specifically using python3 -c to parse and extract information from JSON responses.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 09:19 PM
Security Audit — agent-trust-hub — blink-fetch