web-fetcher

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the web and provides it to the agent.
      • Ingestion points: Data enters the agent context via scripts/fetch.py, which retrieves content from arbitrary URLs using services like Jina Reader and Raw HTML fetches.
      • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore embedded instructions within the fetched content.
      • Capability inventory: The skill has network access, file system write access (via the -o flag in scripts/fetch.py), and the ability to execute the opencli command-line tool.
      • Sanitization: Absent. The fetched content is decoded and returned to the agent without any escaping, filtering, or validation.
  • [PROMPT_INJECTION]: Instructions in SKILL.md explicitly command the agent to 'ALWAYS use this skill instead of the WebFetch tool', which is an attempt to override the agent's default tool selection logic.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the @jackwener/opencli package and manually installing a browser extension (opencli-extension.zip) from an external GitHub repository (github.com/jackwener/opencli) to enable 'login-aware' fetching features.
  • [COMMAND_EXECUTION]: The script scripts/fetch.py executes the opencli binary using subprocess.run to handle specific platform content (e.g., Reddit, Twitter, Zhihu). While the arguments are passed as a list to prevent shell injection, this remains a capability for executing external binaries with parameters derived from user input.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 09:56 AM