lgs-search
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires running `playwright install chromium` during setup, which downloads browser binaries from Microsoft's official infrastructure.
- [SAFE]: Store credentials and browser profiles are stored locally in `~/.cache/mtg-skills/lgs-profiles/`. This is standard behavior for CLI tools managing persistent sessions and does not involve external transmission of secrets.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external data while possessing browser automation capabilities.
  - Ingestion points: Card lists provided by users in Phase 1 and content scraped from retail websites (The Gathering Place, Atomic Empire, TCGPlayer, Mana Pool) in Phase 2 and 4.
  - Boundary markers: No explicit markers are used to separate untrusted card data or scraped web content from agent instructions.
  - Capability inventory: Full browser automation via Playwright, HTTP requests via the `requests` library, and shell command execution.
  - Sanitization: No sanitization or validation of card names or scraped metadata is performed before the data is integrated into the agent's context.