sd-parse-results
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes untrusted data from external web pages.
- Ingestion points: ScienceDirect search results (titles, authors, and journal names) are extracted directly from the DOM using document.querySelectorAll('li.ResultItem') within the Javascript block in SKILL.md.
- Boundary markers: The skill does not implement boundary markers or 'ignore embedded instructions' warnings when returning the extracted strings to the agent context.
- Capability inventory: The skill uses the evaluate_script tool for data extraction; while this specific skill lacks write or network capabilities, the data it returns could be used to influence downstream agent behavior.
- Sanitization: The script employs .textContent, which effectively prevents HTML/script injection within the browser, but it does not perform semantic sanitization to filter out potential instructions directed at the AI agent.
Audit Metadata