Skills
skills/karthrand/karthrand-ai-public/tinyfish/Gen Agent Trust Hub

tinyfish

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the tinyfish command-line utility to execute browser automation, search, and data retrieval tasks. These commands are executed locally but interface with a remote backend.
  • [EXTERNAL_DOWNLOADS]: The CLI tool communicates with the vendor's infrastructure at agent.tinyfish.ai and tinyfish.io to coordinate remote browser sessions and automation runs.
  • [DATA_EXFILTRATION]: While providing legitimate functionality, the skill transmits task instructions ('goals') and target URLs to the TinyFish cloud environment for execution. This is a standard part of the tool's operation for cloud-based browser automation.
  • [PROMPT_INJECTION]: The skill is a conduit for processing external web content. There is a risk of indirect prompt injection if target websites contain malicious instructions intended to hijack the agent's goal during browser automation tasks. Users should verify the reputation of sites being automated.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 05:31 AM