Skills
skills/decolua/9router/9router-web-fetch/Gen Agent Trust Hub

9router-web-fetch

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references setup instructions and configuration located in the author's (decolua) official GitHub repository.
  • [COMMAND_EXECUTION]: Documentation includes example shell commands using curl and jq to help users discover available models and test the API endpoints.
  • [PROMPT_INJECTION]: As a web-scraping tool, the skill creates a surface for indirect prompt injection by ingesting untrusted data from external URLs.
  • Ingestion points: Web content retrieved from user-provided URLs via the 9router API.
  • Boundary markers: None specified in the instructions to separate fetched content from agent instructions.
  • Capability inventory: Network operations (fetching external web content).
  • Sanitization: No explicit sanitization or filtering of the fetched content is described in the skill metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 11:22 AM
Security Audit — agent-trust-hub — 9router-web-fetch