geo
Warn
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
/geo updatecommand pulls updates from an undefined 'upstream' source. This mechanism lacks a verified source URL or integrity checks in the provided documentation. - [COMMAND_EXECUTION]: The
/geo report-pdfcommand executes a Python script (generate_pdf_report.py) located in the skill's directory using theBashtool. - [REMOTE_CODE_EXECUTION]: The presence of a self-update command (
/geo update) alongside the capability to execute local scripts viaBashcreates a potential vector for remote code execution if the update source is malicious or compromised. - [PROMPT_INJECTION]: The skill performs automated fetching and analysis of external website content using
WebFetch. This creates a surface for indirect prompt injection where malicious instructions embedded in a scanned website's HTML, metadata, orllms.txtcould attempt to influence the agent's logic or data processing. - Ingestion points: External URLs (HTML, robots.txt, sitemap.xml) are fetched during Phase 1 and Phase 2 of the audit.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the ingested content in the orchestration logic.
- Capability inventory: The skill has access to
Bash,Write,WebFetch, and the ability to execute Python scripts. - Sanitization: No sanitization, escaping, or filtering of the fetched external content is documented before it is delegated to subagents.
Audit Metadata