skool-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from Skool posts and comments, creating a surface for indirect prompt injection.
- Ingestion points: The scripts
scripts/skool_scraper.py,scripts/skool_comment_scraper.py, andscripts/skool_unreads.pyfetch post titles, body content, and comment text. - Boundary markers: There are no specific delimiters or markers used to isolate external content from the agent's internal instructions.
- Capability inventory: The skill utilizes Playwright for browser control (subprocess execution), performs network requests to Skool's API, and writes data to local files.
- Sanitization: Community-sourced content is processed as raw text without sanitization or filtering for adversarial instructions.
- [COMMAND_EXECUTION]: The skill uses browser automation tools to interact with the platform.
- Evidence:
scripts/skool_browser_client.pyandscripts/skool_comment_scraper.pyinitiate and manage Chromium browser instances using Playwright to handle AWS WAF token generation and session management.
Audit Metadata