canary-watch
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: The skill is designed for monitoring website availability and performance regressions, involving standard operations like checking HTTP 200 statuses and performance baselines.
- [NO_CODE]: The skill does not include any executable scripts or binaries; it is composed entirely of markdown instructions for the AI agent.
- [PROMPT_INJECTION]: The skill processes untrusted content from external URLs, which creates a potential surface for indirect prompt injection. Ingestion points: Data is pulled from user-supplied URLs during the 'watch' loop. Boundary markers: No explicit delimiters or isolation instructions are provided to separate external page content from agent instructions. Capability inventory: The skill has the capability to write to local logs (~/.claude/canary-watch.log) and send data to user-defined webhooks. Sanitization: No sanitization or validation of the remote content is specified.
Audit Metadata