regulars
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Indirect Prompt Injection Surface. The skill navigates and interacts with external websites, which represents an indirect prompt injection surface. An attacker-controlled website could potentially include text designed to manipulate the agent's behavior.
  - Ingestion points: External website content loaded into the browser context via browser MCP tools referenced in SKILL.md.
  - Boundary markers: The Agent Prompt Template uses structured headers and specific role-play instructions to delineate agent tasks from site content.
  - Capability inventory: Browser navigation, screenshot capture, and UI interactions (clicking/typing) as defined in the Workflow and Agent Prompt sections.
  - Sanitization: Includes a 'no-code guard' instruction specifically telling agents not to read source code or project files, focusing purely on human-like visual interaction.
Audit Metadata