sharp

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documents an image proxy pattern that ingests untrusted data from a URL parameter, creating an indirect injection and SSRF vulnerability surface.
      • Ingestion points: searchParams.get('url') in the Next.js API route example in SKILL.md.
      • Boundary markers: None present in the example code.
      • Capability inventory: fetch() network requests and complex image processing.
      • Sanitization: No URL validation, domain whitelisting, or protocol checking is implemented in the documentation example.
  • [DATA_EXFILTRATION]: The SSRF vulnerability surface identified in the Next.js / API Routes section could allow an attacker to probe internal network resources, access internal services, or retrieve cloud instance metadata (e.g., AWS IMDS).
  • [EXTERNAL_DOWNLOADS]: The skill documents and provides examples for fetching content from remote URLs using the fetch API for server-side processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:53 AM