directory-submissions

Fail

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references a blacklisted domain https://fitprofessionals.net within references/directory-list.md and references/submission-tracker-template.csv. Automated security scanners have flagged this URL as malicious. Recommending users interact with known malicious domains poses a security risk.
  • [COMMAND_EXECUTION]: SKILL.md instructs the agent to verify links using the command curl -sIL [URL] | grep -i rel=. Suggesting the execution of shell commands on external URLs is risky as it can be exploited if the URLs are maliciously crafted or the environment is not isolated.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection. Ingestion points: Reads marketing context from .agents/product-marketing.md, .claude/product-marketing.md, and product-marketing-context.md. Boundary markers: Absent. Capability inventory: Instructs the agent to suggest curl shell commands. Sanitization: No validation or sanitization of the ingested data is described.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 17, 2026, 03:37 AM
Security Audit — agent-trust-hub — directory-submissions