analyze-website
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- Dynamic Execution (MEDIUM): The skill instructions specify creating and running "temporary WDIO scripts" to handle authenticated discovery. Generating and executing code at runtime based on external site structure or provided inputs presents a risk of arbitrary command execution if the script generation logic is manipulated.
- Credentials Handling (MEDIUM): The skill is designed to accept and process cleartext "test credentials (username/password)". While it explicitly instructs the agent to "Never persist credentials in output artifacts," the handling of these secrets within the agent's context and their use in generated scripts poses a risk of exposure or misuse.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external URLs (HTML, metadata) and screenshots. A malicious website could embed instructions designed to manipulate the agent's analysis, importance scoring, or the generation of navigation scripts.
  - Ingestion points: External URLs, HTML source code, and screenshots provided by the user.
  - Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded commands within the ingested content.
  - Capability inventory: File writing to the local filesystem (website-analysis.md, website-analysis.json) and execution of WebdriverIO navigation scripts.
  - Sanitization: Instructions focus on not persisting secrets but do not specify sanitization or validation of the external HTML/metadata being processed.
Audit Metadata