marketing-pricing
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to install software and perform browser-based research.
  - Evidence: `npm install -g agent-browser && npx playwright install chromium` in `SKILL.md` is used for environment setup.
  - Evidence: The skill uses CLI commands like `agent-browser screenshot` and `agent-browser get text body` to interact with external websites.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs third-party packages from public registries.
  - Evidence: Installation of `agent-browser` from the npm registry.
  - Evidence: Downloads the Chromium browser via Playwright's official installation command.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its broad ingestion of untrusted web content combined with codebase-modification capabilities.
  - Ingestion points: The skill fetches the full text body of external websites (competitor pricing pages, G2 reviews, Reddit, and the Wayback Machine) as defined in the 'Research Mode' section of `SKILL.md`.
  - Boundary markers: Absent. The agent is instructed to extract information from the raw text body without the use of delimiters or 'ignore' instructions for embedded content.
  - Capability inventory: The skill features an 'Implementation Mode' (`SKILL.md` Context B) which allows the agent to modify the local codebase, including templates, routing, and dependencies. It also has command execution capabilities for package installation.
  - Sanitization: No sanitization or validation of the fetched web content is performed before it is processed by the agent to generate recommendations or code changes.
Audit Metadata