overseas-registry-source-research
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to generate and run Python scripts (e.g., ---download-sample.py) based on provided templates to validate data acquisition feasibility and download samples.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to arbitrary external websites and registries using urllib.request.urlopen and Playwright to fetch data artifacts, perform boundary testing, and verify source metadata.
- [PROMPT_INJECTION]: The skill presents an attack surface for Indirect Prompt Injection (Category 8) by fetching and processing content from untrusted external sources.
  - Ingestion points: Untrusted data enters the agent's context from external URLs during the discovery and validation gates (Gate 2, 3, 4, 5) described in SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands in external data are implemented in the instructions.
  - Capability inventory: The skill can execute Python scripts, make network requests, and write files, creating a pathway for potentially malicious instructions in external content to influence agent behavior.
  - Sanitization: No explicit sanitization or validation of the content retrieved from external sources is described before the agent processes it for the final report.
Audit Metadata