Emily Web Fetch

The skill provides a tool to fetch web content via HTTP/HTTPS, but the implementation in index.js lacks any URL validation or IP blacklisting. This creates a significant Server-Side Request Forgery (SSRF) vulnerability, potentially allowing the agent to access internal network resources or metadata services (e.g., 169.254.169.254). While the behavior aligns with the stated purpose in SKILL.md and there is no evidence of intentional malice, the high-risk nature of unconstrained network requests warrants a suspicious classification.