zipcode-search
Fail
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is vulnerable to a Local File Read attack. The
curl --data-urlencodecommand in the Python script directly interpolates the user's address query. By providing an input starting with the@symbol (e.g.,@/etc/passwd), an attacker can forcecurlto read local files and send their contents to the official ePost server.\n- [COMMAND_EXECUTION]: The skill usessubprocess.runto execute thecurlcommand-line tool from within a Python environment.\n- [REMOTE_CODE_EXECUTION]: The skill employs a dynamic execution pattern by wrapping a Python script in a shell here-doc. While the code is provided within the skill, this method of execution represents a higher risk profile for code injection if combined with other vulnerabilities.\n- [DATA_EXFILTRATION]: The skill exhibits an Indirect Prompt Injection surface. It fetches and processes HTML data from an external official source and presents it to the agent for normalization without sufficient verification.\n - Ingestion points: HTML response from
parcel.epost.go.krinSKILL.md.\n - Boundary markers: Absent.\n
- Capability inventory:
subprocess.runandcurlnetwork access.\n - Sanitization: Limited to
html.unescapefor display purposes.
Recommendations
- AI detected serious security threats
Audit Metadata