adversarial-audit
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it processes untrusted data (local code and external web content) while possessing significant capabilities.
  - Ingestion points: Local codebase files (via exploration agents) and external web application content (via browser verification agent).
  - Boundary markers: Absent. The agent is not instructed to disregard instructions embedded in the data it audits.
  - Capability inventory: Browser automation (tabs_create_mcp, tabs_context_mcp), task management (TaskCreate, TaskUpdate), and file system writes (writing reports).
  - Sanitization: No sanitization or validation of the ingested code or HTML content is performed.
- [DATA_EXFILTRATION]: The skill's verification phase involves navigating to external, user-provided URLs using a browser. This constitutes a network operation to non-whitelisted domains. While intended for legitimate testing, this capability could be abused to exfiltrate local data if the agent's logic is manipulated.
- [COMMAND_EXECUTION]: The skill utilizes browser automation and task management tools to perform its auditing tasks, which involve interacting with the execution environment and remote web services.
Audit Metadata