dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external websites provided by the user, which could contain adversarial instructions. Ingestion points: Browser interaction via
agent-browser(snapshot, open) as defined inSKILL.md. Boundary markers: Absent; there are no instructions to distinguish between the agent's core task and instructions embedded in the target site's content. Capability inventory: The agent can perform file system operations (mkdir,cp) and automated browser actions (agent-browser) as outlined inSKILL.md. Sanitization: Absent; the agent reads and acts on raw page content and console errors. - [COMMAND_EXECUTION]: The skill utilizes shell commands (
mkdir,cp,sleep) to manage output directories and the report template. These commands are necessary for generating documentation and are used in a controlled manner. - [EXTERNAL_DOWNLOADS]: The skill navigates to external URLs to perform testing. While it does not download shell scripts for direct execution, it executes the web application's code (JavaScript) within the controlled environment of the
agent-browsertool.
Audit Metadata