build-giselle-agent

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install legitimate packages from the vendor (@giselles-ai) and trusted organizations (Vercel's ai and @ai-sdk/react) via NPM.
  • [COMMAND_EXECUTION]: Provides standard shell commands for package installation (pnpm add) and running the local development environment (pnpm dev).
  • [DATA_EXFILTRATION]: Manages authentication through an environment variable (GISELLE_AGENT_API_KEY) used to connect to the vendor's official cloud API (studio.giselles.ai). This is the intended functionality of the service.
  • [PROMPT_INJECTION]: The generated agent architecture exposes an indirect prompt injection surface, because the agent reads the browser's DOM via the getFormSnapshot tool. This capability is the primary feature of the SDK: it lets the agent understand and interact with the user's UI. The provided templates include structural definitions for the agent's behavior but implement no specific sanitization of the DOM content, which is typical for a basic scaffolding tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 10:50 PM