detect-freight-led-inflation-turn
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The script scripts/fetch_via_cdp.py uses the Chrome DevTools Protocol (CDP) to execute JavaScript within a running browser. The workflow in workflows/quick-check.md instructs users to launch Chrome with --remote-debugging-port=9222 and --remote-allow-origins=*, which effectively disables important browser security boundaries and allows the skill to control the browser programmatically.
- DATA_EXFILTRATION (LOW): While the skill's primary purpose is scraping economic data, the use of CDP gives the script the technical capability to access cookies, local storage, and DOM content from any open browser tab. Although no malicious exfiltration code was detected, this represents a significant security surface.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from an external website (macromicro.me) to generate reports. An attacker who compromises or controls the data on that site could attempt to inject instructions into the generated JSON/Markdown.
  - Ingestion points: scripts/fetch_via_cdp.py extracts data from the Highcharts objects on the target website.
  - Boundary markers: Absent; the output templates (templates/output-json.md) do not use clear delimiters or instructions to ignore embedded commands in the data fields.
  - Capability inventory: The skill can execute browser-level JavaScript and write files to the local cache/ directory.
  - Sanitization: Absent; data is parsed as JSON directly from the browser's JavaScript execution result without validation.
- EXTERNAL_DOWNLOADS (LOW): The skill depends on several external Python packages (pandas, selenium, websocket-client) and requires network access to fetch data from macromicro.me and fred.stlouisfed.org.
Audit Metadata