normies
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it directs the agent to browse and analyze content from external websites which could contain malicious or overriding instructions.
- Ingestion points: External website content accessed via browser MCP tools as defined in the 'Agent Prompt Template' within
SKILL.md. - Boundary markers: The prompt template provides a clear persona and structure but does not include explicit delimiters or instructions to ignore commands that may be embedded in the HTML or text of the site being visited.
- Capability inventory: The skill utilizes browser MCP tools for site navigation and screenshots; it does not demonstrate capabilities for file system modification or arbitrary shell command execution.
- Sanitization: There is no evidence of content sanitization or filtering of the data retrieved from the website before it is processed by the agent.
- [NO_CODE]: The skill does not contain any executable scripts or binaries. It functions entirely through natural language instructions and structured prompt templates for role-playing scenarios.
Audit Metadata