cnki-navigate-pages
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where user-controlled arguments are interpolated into JavaScript templates for browser execution.
- Ingestion points: The $ARGUMENTS provided by the user are used to replace ACTION_HERE and SORT_HERE placeholders in the script.
- Boundary markers: No delimiters or specific instructions are included to isolate these arguments from the rest of the script logic.
- Capability inventory: The skill utilizes evaluate_script, which allows it to interact with the DOM and perform actions in the browser context.
- Sanitization: The logic includes basic sanitization, such as using regex to extract digits for pagination and a predefined map for valid sort options.
- [COMMAND_EXECUTION]: The skill performs dynamic script generation by constructing JavaScript functions from templates and executing them using the evaluate_script tool.
- Evidence: The skill documentation describes how to build and execute asynchronous JavaScript functions by injecting user-defined actions and sort parameters.
Audit Metadata