godfetch
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructions in
SKILL.mdandreferences/deps-dev.mdrepeatedly direct the agent to "Do not read script source code." This directive restricts the agent's transparency and oversight of its own functional components. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted external data into the agent's context.
- Ingestion points: Documentation indices and site content fetched via
llms-probe.shandWebFetch, and source code files cloned viagit-clone.sh. - Boundary markers: Absent; the instructions do not implement delimiters or safety warnings for the agent to ignore instructions embedded in the external content.
- Capability inventory: The skill can execute shell scripts, Python scripts, perform network operations via
curlandgit, and run Node.js packages viabunx. - Sanitization: Absent; content from external sources is processed without documented validation or filtering.
- [COMMAND_EXECUTION]: The script
scripts/llms-probe.shutilizes the-k(insecure) flag withcurl, which bypasses SSL certificate validation. This practice is a security best-practice violation that could expose the agent to potential man-in-the-middle attacks when fetching documentation from remote servers. - [EXTERNAL_DOWNLOADS]: The skill performs remote operations including cloning public git repositories, fetching documentation files via
curl, and executing thectx7documentation search utility viabunx.
Audit Metadata