audit-site
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted data from external websites, creating a surface for indirect prompt injection. \n
- Ingestion points:
start_crawl(website HTML) andget_observations(browser console logs and network requests via extension). \n - Boundary markers: Absent. The instructions do not define delimiters for external content or provide warnings to the agent to ignore embedded instructions. \n
- Capability inventory:
save_project,export_site,create_finding. These tools allow persistence and data export but are controlled tool calls rather than arbitrary shell access. \n - Sanitization: Absent. There is no mention of filtering or escaping web content before processing. \n
- Contextual Adjustment: The severity is lowered to SAFE because this exposure is inherent to the intended primary purpose of site auditing and no high-risk capabilities like code execution or local file access are exposed. \n- [No Code] (SAFE): The skill consists entirely of markdown instructions and YAML metadata. It does not include scripts, binary executables, or configuration files that could facilitate direct code execution.
Audit Metadata