fetch
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: CRITICALPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests raw HTML/JSON from external URLs, creating a surface for indirect prompt injection. \n
- Ingestion points: The content field returned by the api.browserbase.com/v1/fetch endpoint in SKILL.md and EXAMPLES.md. \n
- Boundary markers: No delimiters or instructions are used to sequester external content from the agent's primary instructions. \n
- Capability inventory: The skill uses Bash to execute curl commands. \n
- Sanitization: No sanitization of the response content is documented or performed before it is returned to the agent context. \n- [EXTERNAL_DOWNLOADS]: A reference to https://bit.ly/example in EXAMPLES.md was flagged by automated scanners. The skill also includes instructions to install official SDKs (@browserbasehq/sdk and browserbase), which are legitimate vendor-owned packages. \n- [COMMAND_EXECUTION]: The skill uses Bash to perform network operations via curl to interact with the author's API endpoint at api.browserbase.com.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata