dogfood
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to navigate to and process content from arbitrary, potentially untrusted web applications provided by the user. This creates a surface for indirect prompt injection.
  - Ingestion points: Web content and application state are ingested into the agent's context via `browser_snapshot` (DOM structure), `browser_vision` (visual analysis and element identification), and `browser_console` (JavaScript logs).
  - Boundary markers: The instructions in `SKILL.md` lack explicit boundary markers or warnings to the agent to ignore potentially malicious instructions embedded in the target website's HTML, text, or console logs.
  - Capability inventory: The agent possesses a broad range of interaction capabilities including `browser_navigate`, `browser_click`, `browser_type`, and `browser_press`. A malicious website could attempt to hijack these capabilities through injected instructions to perform unauthorized actions.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the agent's reasoning engine or used to generate the final QA report.
Audit Metadata