web-browsing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches content from arbitrary URLs, which serves as an ingestion point for untrusted data that could contain malicious instructions designed to manipulate the agent.\n
- Ingestion points: Untrusted data enters the agent context through the
WebFetch,browser_navigate, andbrowser_snapshottools specified inSKILL.md.\n - Boundary markers: The instructions lack delimiters or warnings for the agent to ignore instructions embedded within the retrieved web content.\n
- Capability inventory: The agent has network access via browsing tools and the ability to interact with the user via
ai_interaction.\n - Sanitization: No sanitization or validation of the external content is described or required by the skill.\n- [Prompt Injection] (LOW): The skill uses imperative language ('NEVER check mcps folder') to override standard agent tool-discovery behavior. While likely intended for performance in specific environments like Cursor, it represents a direct instruction to bypass standard operational checks.
Audit Metadata