marketing-pr
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install external Node.js packages if they are not present. Specifically, it recommends running `npm install -g agent-browser` and `npx playwright install chromium`. While Playwright is a well-known library from a trusted organization (Microsoft), `agent-browser` is an unverified dependency from an unknown source.
- [COMMAND_EXECUTION]: The skill executes shell commands to perform environment setup and automated research. This includes the use of `npm` and `npx` for package management, and the `agent-browser` tool for web navigation, text extraction, and session management.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from external websites (Google News, LinkedIn, Connectively) to inform its PR strategies and pitches. An attacker who controls content on these pages could potentially influence the agent's behavior.
  - Ingestion points: Data is fetched from public URLs using the `agent-browser` tool in the Research Mode section of `SKILL.md`.
  - Capability inventory: The skill can execute shell commands and write files to the local file system (e.g., in the `./brands/` directory).
  - Sanitization: There is no evidence of sanitization or filtering applied to the retrieved web content before it is processed by the agent.
  - Boundary markers: The instructions do not define clear boundary markers or provide explicit safety warnings to the agent to ignore instructions embedded in external data.
Audit Metadata