dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because its core function involves browsing and analyzing untrusted web applications.\n
- Ingestion points: The agent ingests untrusted data from the target website via the
agent-browser snapshot,agent-browser console, andagent-browser errorscommands inSKILL.md(Step 4).\n - Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from interpreting text found on a target website as a new set of instructions to follow.\n
- Capability inventory: The agent has permissions to perform filesystem operations (e.g.,
mkdir,cp) and extensive browser interactions (e.g.,navigate,fill,click,record) using theagent-browsertool, which could be misused if the agent is manipulated by a malicious website.\n - Sanitization: The skill does not implement any validation or sanitization for the content retrieved from the web browser before it is processed by the agent.
Audit Metadata