paw-mkt-pricing
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the agent-browser tool from Vercel Labs' GitHub repository and official package registries.
- [COMMAND_EXECUTION]: Executes shell commands for browser automation and setup, including scripts from the vendor's sibling skill (paw-mkt-setup).
- [DATA_EXFILTRATION]: Stores browser session states, including plaintext authentication tokens, in local files such as my-auth.json to facilitate authenticated research. This practice requires careful management to prevent credential exposure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from external websites without sanitization.
  - Ingestion points: Scraped website content and screenshots fetched via agent-browser (documented in SKILL.md).
  - Boundary markers: No boundary markers or instructions to ignore embedded data are present in the processing logic.
  - Capability inventory: The skill can execute shell commands, perform network requests via a browser, and write files.
  - Sanitization: No sanitization or validation of external web content is performed.
Audit Metadata