Skills
skills/gwenwindflower/.charmschool/dogfood/Gen Agent Trust Hub

dogfood

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it systematically explores and ingests content from external, untrusted websites to determine its testing strategy.
  • Ingestion points: The skill utilizes agent-browser snapshot and snapshot -i commands in SKILL.md to extract information from the target application under test.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard commands or instructions found within the ingested web content.
  • Capability inventory: The skill can perform browser interactions (clicking, typing, navigation) and file system operations (creating directories and copying files) as defined in SKILL.md.
  • Sanitization: Web content is not sanitized, escaped, or validated before it is processed by the agent to make decisions about subsequent actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 12:39 PM