marketing-sostac

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill attempts to install the 'agent-browser' package and 'playwright' via 'npm install -g' and 'npx' in the 'references/auto-discovery.md' file. These are external dependencies from a third-party source not on the trusted vendors list.
  • [COMMAND_EXECUTION]: The skill uses shell commands to automate research and install tooling. It executes 'agent-browser' commands to visit URLs and scrape text, and uses 'npm' and 'npx' for environment setup.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it fetches and synthesizes data from attacker-controllable external sources like Reddit, Quora, G2, and Trustpilot.
      • Ingestion points: Web scraping of public forums and review platforms as defined in 'references/auto-discovery.md'.
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the scraped data.
      • Capability inventory: The skill can write files to the filesystem and execute shell commands for research.
      • Sanitization: No evidence of validation or sanitization of the external text before it is processed by the LLM.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 04:01 AM