skills/kcchien/skills/felo-web-fetch/Gen Agent Trust Hub

felo-web-fetch

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to fetch webpage content via the Felo Web Extract API, which matches its stated purpose in the documentation.
  • [SAFE]: Authentication is managed securely through the FELO_API_KEY environment variable, avoiding hardcoded credentials.
  • [SAFE]: Network requests are directed exclusively to openapi.felo.ai, which is the official API domain for the service provided by the skill author.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by fetching untrusted webpage content. This is a known and inherent risk for all web-fetching tools.
      • Ingestion points: Webpage content retrieved from user-provided URLs in scripts/run_web_fetch.mjs.
      • Boundary markers: No specific delimiters are added by the script to encapsulate the fetched content.
      • Capability inventory: The skill is limited to performing network requests and formatting text; it does not have local command execution or file system access capabilities.
      • Sanitization: The script returns content without additional filtering, relying on the calling agent's safety protocols.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 03:09 PM