sweetlink
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): Vulnerability surface identified. Ingestion points: browser DOM, console, and network logs (SKILL.md); Boundary markers: None; Capability inventory: `dom click`, `dom type`, `browser open`, `screenshot` (SKILL.md); Sanitization: None. This allows malicious web content to influence agent actions via the browser-agent bridge.
- [Data Exposure & Exfiltration] (HIGH): The skill targets the user's `--profile default` (SKILL.md), exposing authenticated session cookies, history, and private browser data to the agent context, which could lead to unauthorized data access.
- [Privilege Escalation] (HIGH): The `sweetlink trust-ca` command (SKILL.md) requires administrative privileges to modify the system's root certificate trust store, a high-risk system-level change.
- [Unverifiable Dependencies] (MEDIUM): The skill installs the `sweetlink` package via `pnpm` from an untrusted third-party source (GitHub: steipete/sweetlink) rather than a verified organization.
Recommendations
- AI detected serious security threats
Audit Metadata