sd-advanced-search

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses evaluate_script and initScript to execute custom JavaScript within the browser context. This code is used for data extraction (scraping paper titles, authors, and DOIs) and for environmental modification to bypass bot detection (spoofing the navigator.webdriver property).
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted data from external search results.
      • Ingestion points: Data is ingested in SKILL.md (Step 4) via a JavaScript snippet that extracts text from the ScienceDirect DOM, including paper titles and abstracts.
      • Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying potential instructions hidden within the scraped metadata.
      • Capability inventory: The skill has access to navigate_page, evaluate_script, and click capabilities.
      • Sanitization: There is no evidence of sanitization or filtering of the extracted text before it is presented to the agent or the user.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 06:45 AM