web-auth

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE

COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the node command to run a script at /Users/avifen/.agentsys/plugins/web-ctl/scripts/web-ctl.js. This is a vendor-related tool for the 'agent-sh' plugin ecosystem, though it uses a hardcoded absolute user path.
  • [PROMPT_INJECTION]: The skill processes untrusted data from web pages, creating a surface for indirect prompt injection.
      • Ingestion points: Web content captured during authentication and verification steps in SKILL.md.
      • Boundary markers: Present; the skill uses [PAGE_CONTENT: ...] delimiters to separate external content.
      • Capability inventory: Shell command execution via the node script.
      • Sanitization: Includes explicit safety instructions in the prompt injection warning section to ignore embedded commands.
  • [EXTERNAL_DOWNLOADS]: The skill references installing browser binaries and the Playwright framework via npm and npx, which are standard operations for browser automation tools.

Audit Metadata

Risk Level: SAFE
Analyzed: Mar 15, 2026, 07:32 PM