web
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from arbitrary web URLs, creating a surface for indirect prompt injection attacks where malicious instructions on a webpage could influence the agent's behavior.
- Ingestion points: External content is retrieved and processed through the
/v1/crawland/v1/searchendpoints. - Boundary markers: The documentation does not specify the use of delimiters or guardrail instructions to separate retrieved web content from system instructions.
- Capability inventory: While the skill contains no local scripts, it uses the
x402_paymenttool to interact with the Solana blockchain. - Sanitization: There is no mention of sanitization or filtering of the retrieved content before it is passed to the agent.
- [DATA_EXFILTRATION]: The skill sends data (URLs and search queries) to the external domain
web.surf.cascade.fyi. This behavior is the primary intended function of the skill and targets the vendor's own infrastructure. - [NO_CODE]: The skill does not contain any local executable scripts or binary files, relying entirely on tool calls to an external API.
Audit Metadata