gourmet-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is subject to Indirect Prompt Injection (Category 8) due to its core function of processing data from external, untrusted restaurant review websites.
- Ingestion points: Data is pulled from external URLs including Tabelog, Naver Map, and Yelp via scraping.
- Boundary markers: No specific delimiters or safety instructions are defined to separate scraped content from the agent's internal logic.
- Capability inventory: The skill has capabilities to write to the file system (within city-slug folders) and browse the web using Playwright.
- Sanitization: There is no explicit sanitization step for the information retrieved from external sites before it is written to the project files.
- [Data Exfiltration] (SAFE): Network operations are restricted to well-known, reputable travel and food review domains for the purpose of research. No sensitive local file access or exfiltration patterns were detected.
- [Remote Code Execution] (SAFE): No scripts are downloaded or executed. The mention of Playwright is an instruction for the agent to use a standard browsing tool for data extraction.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were found in the instructions or templates.
Audit Metadata