marketing-retention
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install an external package 'agent-browser' globally via 'npm install -g agent-browser' (found in SKILL.md). This package is not from a trusted organization or the skill author's known resources.
- [REMOTE_CODE_EXECUTION]: Following the installation, the skill executes the package using shell commands such as 'agent-browser --session ...' (found in references/research-playbook.md). Running dynamically installed code from untrusted sources is a significant security risk.
- [COMMAND_EXECUTION]: The skill uses several CLI tools ('npm', 'npx', 'agent-browser') to perform its tasks, including installing browser binaries and running research sessions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It fetches and processes content from live URLs to perform audits without explicit sanitization or boundary markers to distinguish between instructions and data.
  - Ingestion points: External data enters the agent context via 'agent-browser' output from competitor pages and industry benchmarks (referenced in SKILL.md and references/research-playbook.md).
  - Boundary markers: Absent; no delimiters or 'ignore' warnings are present for untrusted data.
  - Capability inventory: Includes subprocess execution of 'agent-browser' and local file reads/writes within the brand workspace (SKILL.md).
  - Sanitization: Absent; no escaping or validation of external content is specified.
Audit Metadata