page-inspector
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The execution section explicitly instructs the agent to 'attempt to find credentials from environment variables' when a page requires authentication. This encourages the proactive searching of the system environment for sensitive secrets like API keys or passwords.
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool and directs its use for filesystem tasks such as directory creation. The provision of a shell environment allows for broader system interactions than required for the stated purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core functionality. 1. Ingestion points: The skill navigates to and extracts data from a target URL provided in the arguments ($ARGUMENTS[0]). 2. Boundary markers: No delimiters or instructions are used to distinguish or ignore embedded instructions within the ingested page content. 3. Capability inventory: The skill utilizes Bash, Write, and evaluate_script tools as defined in SKILL.md. 4. Sanitization: There is no validation or filtering of the content retrieved from the web page before it is processed by the model.
- [DATA_EXFILTRATION]: By combining environment variable access with navigation to user-supplied (or potentially attacker-controlled) URLs, the skill creates a risk that sensitive local data could be transmitted to an external server during an automated authentication attempt.
Audit Metadata