opencli-explorer

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill includes prescriptive directives aimed at steering the AI agent's behavior during exploration (e.g., "You (AI Agent) must through browser open target website to explore!", "AI Agent exploration workflow (must follow)"). These instructions act as meta-directives for the agent's interaction model. This also creates a surface for indirect prompt injection as the agent is instructed to process untrusted data from the web.
  • Ingestion points: browser_network_requests, fetch, page.evaluate (SKILL.md)
  • Boundary markers: None explicitly defined for external content.
  • Capability inventory: Shell command execution (opencli), browser automation (page.evaluate, browser_click), and network requests.
  • Sanitization: The documentation mentions utility functions like stripHtml and the use of JSON.stringify for escaping data.
  • [DATA_EXFILTRATION]: The documentation provides instructions on how to intercept network traffic to capture authentication metadata, specifically mentioning Cookies, Bearer tokens, and CSRF headers. While documented for the purpose of authentication to legitimate services during adapter development, these techniques represent a capability for harvesting sensitive session data.
  • [COMMAND_EXECUTION]: The skill utilizes browser automation tools (page.evaluate, browser_click) to execute JavaScript within web page contexts and provides instructions for running CLI commands (opencli) for testing and deployment of new adapters.
  • [EXTERNAL_DOWNLOADS]: The documentation provides numerous examples of fetching data from external domains (e.g., Bilibili, Reddit, V2EX, Twitter) for the purpose of API discovery and data extraction.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 04:15 PM