page-inspector
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by navigating to arbitrary URLs and extracting DOM structure and CSS properties.
- Ingestion points:
TARGET_URL(SKILL.md) derived from user arguments. - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore embedded instructions within the scraped content.
- Capability inventory: The skill utilizes
Bash,Write, andSkill("pinchtab"), allowing for filesystem modifications and further browser interactions. - Sanitization: Absent. The extracted data is written directly into an output report file without filtering or escaping.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool for local environment setup. - Evidence: Execution of
mkdir -pto create the output directory for screenshots. - [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to "attempt to find credentials from environment variables" if a page requires authentication. While functional, this encourages the agent to search for sensitive data in its environment, which could lead to unintended exposure if the environment contains secrets unrelated to the target site.
Audit Metadata