gangnamunni-clinic-search
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill requires the installation and execution of an external NPM package
gangnamunni-clinic-search. It specifically suggests usingnpx, which downloads and runs code from the NPM registry. This poses a risk if the package name is hijacked, typosquatted, or if the package contains malicious logic. - [COMMAND_EXECUTION]: The instructions include a CLI workflow that involves executing shell commands (
npx gangnamunni-clinic-search) to retrieve data. Using user-supplied keywords as arguments for CLI tools can lead to command injection if not properly sanitized by the underlying package. - [EXTERNAL_DOWNLOADS]: The skill performs HTTP requests to
www.gangnamunni.comto fetch search results and process Next.js payloads. While the domain is a known service, fetching and parsing external HTML content introduces external data into the agent's context. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from a third-party website.
- Ingestion points: External data enters the agent context via the
__NEXT_DATA__payload on the Gangnam Unni search results page, specifically theprops.pageProps.hospitalsarray. - Boundary markers: The skill instructions do not specify any delimiters or instructions to ignore embedded commands within the fetched data.
- Capability inventory: The agent has the capability to execute shell commands via
npxand perform network operations. - Sanitization: There is no evidence of sanitization, filtering, or validation of the fetched web content before it is parsed and presented to the user.
Audit Metadata