grabbit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill requires the agent to run the
grabbitCLI, which facilitates browser interactions and filesystem modifications. This is inherent to the tool's functionality but allows the agent to execute code via the local shell.\n- [EXTERNAL_DOWNLOADS] (LOW): Commands likegrabbit skill installandgrabbit add <workflow-id>indicate that the tool retrieves and installs external packages or configurations. The security of these downloads depends on the Grabbit platform's integrity.\n- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8): The skill ingests untrusted web content which may contain malicious instructions targeting the agent or the backend processor.\n - Ingestion points: Web data captured via
grabbit browseand submitted viagrabbit save.\n - Boundary markers: Absent; the skill does not provide specific instructions to the agent to distinguish between its own goals and instructions embedded in captured traffic.\n
- Capability inventory: Access to shell execution through the
grabbitbinary and local file writing during skill installation.\n - Sanitization: None documented within the skill; sanitization is assumed to be handled by the external backend service.\n- [CREDENTIALS_UNSAFE] (SAFE): The skill utilizes environment variables and placeholders for API keys, avoiding the exposure of hardcoded secrets.
Audit Metadata