fetch
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its core function of ingesting untrusted external data.
- Ingestion points: Untrusted content enters the agent's context from user-provided URLs processed by `web_fetch`, `crwl`, and `browser-use` as described in `SKILL.md` and `references/tool-catalog.md`.
- Boundary markers: Absent; the instructions do not define delimiters or provide specific directives for the agent to ignore instructions embedded within the fetched content.
- Capability inventory: The skill possesses network access via crawling tools and returns the extracted content for further processing or display.
- Sanitization: Absent; the skill extracts Markdown content from the source without sanitizing for malicious prompts or hidden instructions.
- [COMMAND_EXECUTION]: The skill invokes external CLI tools (`crwl` and `browser-use`) using user-provided URL arguments to perform its extraction logic.
- [COMMAND_EXECUTION]: The skill uses dynamic JavaScript evaluation (`browser-use eval`) to interact with the DOM and extract specific text elements such as titles and article bodies.
Audit Metadata