sd-journal-browse
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted web data from ScienceDirect, which creates a surface for indirect prompt injection attacks.
  - Ingestion points: Journal titles, descriptions, and article metadata are extracted from the browser DOM in SKILL.md.
  - Boundary markers: The template used to present the extracted data to the agent lacks delimiters or specific instructions to ignore any embedded commands.
  - Capability inventory: The skill utilizes navigate_page, evaluate_script, and click tools to interact with external environments.
  - Sanitization: No filtering or validation is performed on the scraped content before it is returned to the agent context.
Audit Metadata