portfolio-audit
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external websites.
  - Ingestion points: The skill uses `npx agent-browser snapshot` and `npx agent-browser screenshot` to ingest content from arbitrary URLs provided by the user (SKILL.md).
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions found within the audited web pages.
  - Capability inventory: The agent has access to the `Bash` tool (restricted to `npx agent-browser:*` commands) and the `Read` tool (restricted to `/tmp/*`), which allow it to navigate, click elements, and read temporary files (SKILL.md).
  - Sanitization: No sanitization or filtering of the retrieved web content is performed before the agent analyzes it.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to download and execute the `agent-browser` tool at runtime.
  - Evidence: The skill instructions (README.md and SKILL.md) call for `npx agent-browser install` and various `npx agent-browser` subcommands.
Audit Metadata