distribb
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where it ingests untrusted data from external websites and API responses without sanitization or boundary markers.
  - Ingestion points: Web content scraped by `distribb_research.py` and the `instructions_for_agent` field in API responses mentioned in `SKILL.md`.
  - Boundary markers: Absent in the AI prompts used in `distribb_research.py` and `distribb_writer.py`.
  - Capability inventory: The skill utilizes `Bash` with `curl`, `jq`, and `cat` via its allowed-tools configuration.
  - Sanitization: No sanitization or filtering of the scraped content or API-provided instructions is implemented before processing by the AI.
- [PROMPT_INJECTION]: The skill uses directive language to alter the agent's response flow upon initial activation.
  - Evidence: `SKILL.md` includes the header "FIRST TIME READING THIS SKILL? STOP AND READ THIS SECTION TO THE USER."
- [EXTERNAL_DOWNLOADS]: The `distribb_research.py` script fetches data from arbitrary external URLs to perform research tasks.
  - Evidence: The `scrape_page` function in `distribb_research.py` uses `requests.get` to download content from third-party sites.
  - Note: This script disables SSL certificate verification (`verify=False`), which introduces a risk of man-in-the-middle attacks.
- [COMMAND_EXECUTION]: The skill relies on shell commands for API communication and data processing.
  - Evidence: Workflow examples in `SKILL.md` and `README.md` use `curl`, `jq`, and `cat`.
Audit Metadata