web-research
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the
agentcashpackage from the npm registry, which is managed and executed via thenpxpackage runner. - [COMMAND_EXECUTION]: The skill utilizes the
npx agentcash@latest fetchcommand to communicate with neural search and web scraping endpoints. - [DATA_EXFILTRATION]: Queries and URLs are sent to
https://stableenrich.devfor the purpose of search and content extraction. This activity is expected based on the skill's stated purpose and targets the service associated with the author. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external, potentially untrusted websites.
- Ingestion points: Scraped content and search results returned from the Exa and Firecrawl APIs.
- Boundary markers: The provided instructions do not include specific boundary markers or instructions to ignore embedded commands in the scraped data.
- Capability inventory: The agent's capabilities in this context are primarily limited to summarizing and synthesizing information from the search results.
- Sanitization: There is no mention of filtering or sanitization steps performed on the ingested web content before it is presented to the agent.
Audit Metadata