dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted data from external websites into the agent's decision-making process.
  - Ingestion points: Untrusted content is retrieved from the target URL via browser_snapshot (DOM content), browser_vision (visual analysis of screenshots), and browser_console (JavaScript console logs) as described in Phase 2 of SKILL.md.
  - Boundary markers: The workflow does not include boundary markers or instructions for the agent to ignore potentially malicious commands embedded in the website's data.
  - Capability inventory: The skill grants the agent access to interaction tools with significant side effects, including browser_click, browser_type, browser_press, and browser_navigate as defined in the Prerequisites and Tools Reference sections.
  - Sanitization: There is no mechanism to sanitize or validate the content retrieved from the browser before it is processed by the LLM.
- [NO_CODE]: This skill contains no executable source code or binaries, consisting entirely of Markdown instructions, report templates, and taxonomy references.
Audit Metadata