Skills
skills/autumnsgrove/groveengine/rabbit-inspect/Gen Agent Trust Hub

rabbit-inspect

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from external sources.
  • Ingestion points: External website content is captured via screenshots using the Glimpse tool from a user-provided target_url in Phase 1 (ARRIVE).
  • Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores potential instructions embedded within the visual content of the analyzed screenshots during Phase 2 (LOOK).
  • Capability inventory: The skill possesses the capability to execute local tools via uv run and create remote GitHub issues using the gw gh issue create command in Phase 5 (BURROW).
  • Sanitization: No sanitization, filtering, or validation of the content on the target URL is performed prior to processing and analysis.
  • [COMMAND_EXECUTION]: The skill constructs shell commands that incorporate external variables such as {target_url} and {tenant}. Specifically, it uses uv run to execute a local vendor tool (tools/glimpse) and gw gh to interact with GitHub. While the inputs are quoted in the templates, this pattern represents a command execution surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 06:13 AM