Crab Catch
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands during initialization to install and set up dependencies. Specifically, it executes `npm install -g agent-browser` and `agent-browser install` at the start of a session.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs an external dependency (`agent-browser`) from the NPM registry. This package is used for browser automation and data extraction from arbitrary websites.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from multiple external sources.
  - Ingestion points: Processes content from Twitter replies, long-form articles, GitHub repository source code, and arbitrary website text (referenced in SKILL.md under Step 2).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the orchestration flow.
  - Capability inventory: The skill can execute subprocesses (`agent-browser`, `node`), perform network requests to its proprietary API (crab-skill.opsat.io), and write files to the local file system (~/.crab-catch/reports/).
  - Sanitization: No sanitization or validation logic is defined for the external data before it is passed to the analysis and reporting phases.
Audit Metadata