tech-advisor
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands, specifically using 'uvx', 'uv run', and 'curl' to perform web searches and fetch external content.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the download and execution of the 'web-forager' and 'ddgs' Python packages from public registries at runtime. While 'web-forager' is a tool from the skill's author and 'ddgs' is a well-known library, this pattern involves executing third-party code fetched during the session.
- [EXTERNAL_DOWNLOADS]: The skill uses 'curl' to retrieve content from the Jina Reader service ('r.jina.ai'), which is a well-known platform for converting web pages into markdown for LLM consumption.
- [PROMPT_INJECTION]: The skill's primary function is to process untrusted data from the internet, creating a surface for indirect prompt injection attacks.
  - Ingestion points: Content retrieved from web searches and URL fetches (via built-in tools, 'curl', and CLI searchers) is processed by the agent.
  - Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded in the fetched web content.
  - Capability inventory: The agent has the ability to execute shell commands ('uvx', 'uv run', 'curl') and likely has access to standard file and network tools.
  - Sanitization: There are no instructions for sanitizing or escaping the data retrieved from external sources before it is interpreted by the model.
- [REMOTE_CODE_EXECUTION]: The skill uses a 'uv run' command with a heredoc to execute a Python script embedded directly in the instructions. This technique involves generating and running code at runtime.