wos-download
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill parses external web content from academic publisher sites, which presents a risk of indirect prompt injection. * Ingestion points: Data is extracted from web pages in SKILL.md during Step 2 and Step 4 using document.querySelector. * Boundary markers: There are no explicit markers or instructions to isolate untrusted web content from the agent's logic. * Capability inventory: The skill has the ability to navigate pages, click elements, and execute browser scripts. * Sanitization: No evidence of data sanitization or validation is present for the ingested text.
- [COMMAND_EXECUTION]: The skill uses browser automation commands to navigate websites and interact with page elements, including an initialization script that modifies the browser's navigator.webdriver property to bypass automated bot detection.
- [EXTERNAL_DOWNLOADS]: The skill triggers the download of PDF files from external publisher domains to the user's local system based on findings from the Web of Science database.
Audit Metadata