press-release-generator
Fail
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocesses to automate data extraction tasks.
- Step 2A uses a
python3heredoc to parse the localdocs/learning-graph/book-metrics.jsonfile. - Step 2B utilizes a shell pipeline (
curl | grep | sed) to extract URL locations from an XML sitemap. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to external domains provided by the user (or templates) using
curl. While intended to fetch sitemaps for content discovery, this involves connecting to non-whitelisted URLs. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its data ingestion patterns.
- Ingestion points: Untrusted data is retrieved from external websites and sitemaps via
curl, as well as from local repository files likemkdocs.yml. - Boundary markers: The skill does not employ explicit delimiters or instructions to ignore malicious content within the fetched data.
- Capability inventory: The environment allows execution of shell commands (
curl,grep,sed) andpython3scripts. - Sanitization: There is no logic present to sanitize or validate the content of the retrieved sitemaps or web pages before they are used to influence the agent's output.
Recommendations
- HIGH: Downloads and executes remote code from: https://SITE/sitemap.xml - DO NOT USE without thorough review
Audit Metadata