godfetch

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md and references/deps-dev.md repeatedly direct the agent to "Do not read script source code." This directive keeps the agent from inspecting the scripts it runs, which restricts transparency and oversight of its own functional components.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests untrusted external data into the agent's context.
    • Ingestion points: Documentation indices and site content fetched via llms-probe.sh and WebFetch, and source code files cloned via git-clone.sh.
    • Boundary markers: Absent; the instructions define no delimiters or safety warnings telling the agent to ignore instructions embedded in the external content.
    • Capability inventory: The skill can execute shell scripts and Python scripts, perform network operations via curl and git, and run Node.js packages via bunx.
    • Sanitization: Absent; content from external sources is processed without documented validation or filtering.
  • [COMMAND_EXECUTION]: The script scripts/llms-probe.sh runs curl with the -k (insecure) flag, which bypasses SSL certificate validation. This violates security best practice and could expose the agent to man-in-the-middle attacks when it fetches documentation from remote servers.
  • [EXTERNAL_DOWNLOADS]: The skill performs remote operations including cloning public git repositories, fetching documentation files via curl, and executing the ctx7 documentation search utility via bunx.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 08:20 AM