web-auth
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted web content, creating a surface for indirect prompt injection, though it includes mitigation markers.
- Ingestion points: Content is ingested from external websites during authentication verification and snapshots in
SKILL.md. - Boundary markers: The skill defines the
[PAGE_CONTENT: ...]delimiter and provides explicit instructions for the agent to ignore instructions within these blocks. - Capability inventory: The skill can execute local Node.js scripts and manage authenticated browser sessions.
- Sanitization: There is no automated sanitization of ingested content described; it relies on LLM adherence to the provided instructions.
- [COMMAND_EXECUTION]: The skill executes a local script provided by the vendor to manage sessions and authentication.
- Evidence: The skill invokes
node /Users/avifen/.agentsys/plugins/web-ctl/scripts/web-ctl.jsto perform its primary functions. This is a vendor-owned resource associated with the author 'avifenesh'. - [EXTERNAL_DOWNLOADS]: The skill references the installation of standard browser automation tools from well-known sources.
- Evidence: The documentation suggests using
npx playwright install chromiumto resolve missing dependencies. Playwright is a well-known service provided by Microsoft.
Audit Metadata