safari-explore
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. During the OBSERVE phase, the agent is directed to read source code and capture content from URLs using the glimpse tool.
  - Ingestion points: Code files found via gf and rendered web content from glimpse.
  - Boundary markers: Absent; the instructions do not include delimiters to isolate untrusted data.
  - Capability inventory: The agent can execute commands via uv run and gf, and write journal files.
  - Sanitization: Absent; there is no evidence of data sanitization before it is processed.
- [COMMAND_EXECUTION]: The skill uses uv run and gf to execute local auditing and search tools. These represent powerful capabilities that, while used legitimately here, could be misused if the agent is influenced by malicious instructions embedded in audited content.
Audit Metadata