minion-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto download and execute theminion-fetchpackage from the NPM registry at runtime. - [COMMAND_EXECUTION]: The skill uses shell commands to invoke the fetching tool with various arguments such as headers, methods, and processing flags.
- [PROMPT_INJECTION]: The skill processes content from external URLs, creating a surface for indirect prompt injection where malicious instructions embedded in a web page or API response could attempt to influence the agent's behavior.
- Ingestion points: External content retrieved from URLs via the
minion-fetchcommand. - Boundary markers: None specified; fetched content is returned to the agent without explicit delimiters.
- Capability inventory: Network access (fetching), JSON transformation via
jq, and HTML-to-Markdown conversion. - Sanitization: No explicit sanitization or filtering of the remote content is described in the skill's instructions.
Audit Metadata