Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill navigates to pinterest.com and fetches media from i.pinimg.com. These are well-known, trusted domains for the intended use case of browsing Pinterest content.
- [COMMAND_EXECUTION]: It executes an internal Python script 'scripts/pinterest_api.py' to manage Pinterest API calls, which is a standard implementation for this type of skill.
- [PROMPT_INJECTION]: The skill processes untrusted data from Pinterest search results and pin details, creating a surface for potential indirect prompt injection.
- Ingestion points: Pinterest search result snapshots and pin detail pages.
- Boundary markers: None identified.
- Capability inventory: Browser navigation, snapshotting, and sending messages with media or file paths.
- Sanitization: None identified.
Audit Metadata