Skills
skills/aaaaqwq/claude-code-skills/soushen-hunter/Gen Agent Trust Hub

soushen-hunter

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill extracts browser cookies from visited websites and includes them in the structured JSON output returned to the agent.
  • File: scripts/bing_search.py (Line 242)
  • Evidence: cookies = await self.page.context.cookies() is called and stored in the PageElements object, which is then serialized and printed to stdout.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by scraping and returning raw text content, headings, and metadata from arbitrary third-party websites without sanitization.
  • File: scripts/bing_search.py (Lines 183-287)
  • Ingestion points: extract_page_elements method processes untrusted content from user-specified URLs.
  • Boundary markers: No delimiters or warnings are added to the extracted content to distinguish it from system instructions.
  • Capability inventory: The skill has the capability to navigate to any URL and execute arbitrary JavaScript in the context of that page via Playwright.
  • Sanitization: While it removes script/style tags via a cleanText helper, it does not sanitize the text for malicious natural language instructions that could influence the LLM's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 01:18 AM