observe

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted data from the web.
      • Ingestion points: Data enters the context via the get_observations function, which retrieves extension captures including console logs, network requests, and DOM content.
      • Boundary markers: The documentation lacks specifications for delimiters or 'ignore embedded instructions' warnings for the log data.
      • Capability inventory: The skill documentation references a finding skill that converts these observations into insights, providing a path for injected content to influence agent logic.
      • Sanitization: There is no mention of sanitization, filtering, or validation of the captured raw web data.
  • [NO_CODE]: The skill is composed entirely of markdown documentation and metadata and does not provide or execute any code files, scripts, or package installations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 12:06 AM