profile-website-bot-detection
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from target websites (headers, cookies, and page content) which is used to generate a summary report, creating a surface for indirect prompt injection. 1. Ingestion points:
scripts/test-kernel-bot-detection.tscaptures data via network monitoring and DOM evaluation for text extraction. 2. Boundary markers: Absent in theSKILL.mdreporting instructions; the agent is not told to ignore embedded commands in the collected data. 3. Capability inventory: The skill utilizes browser automation and local file writing but lacks dangerous capabilities like shell subprocess spawning or dynamic code evaluation of external data. 4. Sanitization: Captured website content is used directly in the summary report without escaping or filtering. - [EXTERNAL_DOWNLOADS]: The skill downloads standard packages from the NPM registry as defined in
package.json, including the vendor-provided@onkernel/sdkandplaywright-core. - [COMMAND_EXECUTION]: The workflow involves executing local CLI commands for managing Kernel browser sessions and running the Node.js-based analysis script via the Kernel CLI and NPM.
Audit Metadata