paw-mkt-analytics
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for setting up the
agent-browsertool, referencing the Vercel Labs repository on GitHub and the official NPM registry. These are well-known and trusted sources for developer tooling. - [COMMAND_EXECUTION]: The skill executes shell commands to verify the presence of required tools (Node.js, Python, Git) and to facilitate browser-based research and profile discovery. These operations are aligned with the skill's stated purpose of marketing analysis and research.
- [DATA_EXFILTRATION]: While the skill handles sensitive authentication data for platforms like LinkedIn and Twitter during research tasks, it includes specific security warnings and best practices for the agent and user, such as using dedicated profiles and excluding auth files from version control. No evidence of unauthorized data exfiltration was found.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it performs live website audits, which involves ingesting untrusted content from external URLs into the agent's context. This is a common surface for such tasks and is documented here as a risk factor.
Audit Metadata