directory-submissions
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a blacklisted domain
https://fitprofessionals.netwithinreferences/directory-list.mdandreferences/submission-tracker-template.csv. Automated security scanners have flagged this URL as malicious. Recommending users interact with known malicious domains poses a security risk. - [COMMAND_EXECUTION]:
SKILL.mdinstructs the agent to verify links using the commandcurl -sIL [URL] | grep -i rel=. Suggesting the execution of shell commands on external URLs is risky as it can be exploited if the URLs are maliciously crafted or the environment is not isolated. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection. Ingestion points: Reads marketing context from
.agents/product-marketing.md,.claude/product-marketing.md, andproduct-marketing-context.md. Boundary markers: Absent. Capability inventory: Instructs the agent to suggestcurlshell commands. Sanitization: No validation or sanitization of the ingested data is described.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata