Skills
skills/cookjohn/wos-skills/wos-navigate-pages/Gen Agent Trust Hub

wos-navigate-pages

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted search results (titles, authors, and metadata) from the Web of Science platform.
  • Ingestion points: Data is retrieved from the /api/wosnx/core/runQuerySearch endpoint and processed in the JavaScript snippet within SKILL.md.
  • Boundary markers: The skill does not implement delimiters or specific instructions to the agent to ignore potential instructions within the retrieved records.
  • Capability inventory: The extracted data is returned as a structured object to the agent context, which may then process or display it.
  • Sanitization: No sanitization or filtering of the bibliographic content is performed before returning it to the agent.
  • [COMMAND_EXECUTION]: The skill uses dynamic script execution to interact with the Web of Science web application.
  • The API-based approach involves constructing and running a JavaScript block intended for execution in the browser context.
  • The script utilizes runtime interpolation of placeholders such as {TARGET_PAGE}, {SAME_QUERY_AS_ORIGINAL_SEARCH}, and {SAME_SORT} to dynamically build the query.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 09:38 AM