cuda-webdoc-search

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The fetch_content function in get.py performs a local file existence check using os.path.exists(source). If the source is a valid path, it opens and reads the file content. This behavior allows for arbitrary file reading on the host system, which could be exploited to access sensitive data like configuration files or credentials if the agent is instructed to use a local path.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to perform network requests to docs.nvidia.com and nvidia.github.io to retrieve Sphinx inventories, Doxygen HTML, and general documentation pages.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) by processing untrusted data from external websites.
      • Ingestion points: Documentation content is fetched from external URLs via requests in fetchers.py and get.py.
      • Boundary markers: Extracted text is formatted into a brace-delimited tree structure, but the system does not include specific instructions to the agent to disregard any commands found within the retrieved text.
      • Capability inventory: The skill possesses capabilities for network communication and local file system access.
      • Sanitization: While HTML tags are removed using BeautifulSoup, the resulting text is not sanitized to prevent natural language instructions from influencing the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 07:50 AM