geo

Warn

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: MEDIUM

COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The /geo update command pulls updates from an undefined 'upstream' source. This mechanism lacks a verified source URL or integrity checks in the provided documentation.
  • [COMMAND_EXECUTION]: The /geo report-pdf command executes a Python script (generate_pdf_report.py) located in the skill's directory using the Bash tool.
  • [REMOTE_CODE_EXECUTION]: The presence of a self-update command (/geo update) alongside the capability to execute local scripts via Bash creates a potential vector for remote code execution if the update source is malicious or compromised.
  • [PROMPT_INJECTION]: The skill performs automated fetching and analysis of external website content using WebFetch. This creates a surface for indirect prompt injection where malicious instructions embedded in a scanned website's HTML, metadata, or llms.txt could attempt to influence the agent's logic or data processing.
      • Ingestion points: External URLs (HTML, robots.txt, sitemap.xml) are fetched during Phase 1 and Phase 2 of the audit.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the ingested content in the orchestration logic.
      • Capability inventory: The skill has access to Bash, Write, WebFetch, and the ability to execute Python scripts.
      • Sanitization: No sanitization, escaping, or filtering of the fetched external content is documented before it is delegated to subagents.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 29, 2026, 12:37 AM