javascript-surface-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to ingest and analyze untrusted JavaScript code from user-provided URLs. An attacker could place malicious instructions inside code comments or string literals on a target website to influence the agent's behavior.
- Ingestion points: Untrusted data enters the context via the
target_urlandseed_pagesinputs. - Boundary markers: The instructions do not specify any delimiters or safety markers to help the agent distinguish between its own instructions and the content of the scripts being analyzed.
- Capability inventory: The agent is required to perform deep parsing, logic extraction, and 'controllability assessment' on external code, which requires significant processing of untrusted input.
- Sanitization: There is no mention of sanitizing, escaping, or filtering the content fetched from external sources before the agent processes it.
Audit Metadata