forum-research
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): The skill instructs the agent to source sensitive credentials from environment variables (
DFINITY_FORUM_PASSWORD) and local configuration files such as~/.config/dfinity-forum/credentials.env. While this is a common pattern for CLI tools, accessing sensitive file paths constitutes a data exposure risk. The severity is mitigated to MEDIUM as this is necessary for the skill's primary function of authenticated forum research. - EXTERNAL_DOWNLOADS (LOW): The skill requires installing
agent-browserfromgithub.com/vercel-labs/agent-browser. Per the [TRUST-SCOPE-RULE], this is a trusted source, and the reference is classified as LOW severity. - COMMAND_EXECUTION (LOW): The documentation includes instructions to execute shell commands (e.g.,
npx skills add,agent-browser launch). These are functional requirements for the skill and target a trusted dependency. - INDIRECT PROMPT INJECTION (LOW): The skill is designed to ingest and summarize content from a public web forum, which is a known surface for indirect prompt injection (Category 8).
- Ingestion points: Forum topic content, user profiles, and search results from
forum.dfinity.orgvia JSON endpoints. - Boundary markers: Absent. The instructions do not specify delimiters or warnings for the agent to ignore instructions embedded in the forum data.
- Capability inventory: The agent has access to
agent-browser, which can navigate URLs, fill forms, and click elements, creating a significant impact if an injection is successful. - Sanitization: No explicit sanitization or validation of the ingested forum content is performed before processing.
Audit Metadata