dogfood
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of navigating to and ingesting data from arbitrary, user-provided target URLs.
- Ingestion points: The skill uses
agent-browser snapshotto read page text andagent-browser console/agent-browser errorsto capture logs and exceptions from the web application being tested (documented inSKILL.md). - Boundary markers: No boundary markers, delimiters, or specific instructions are provided to the agent to treat external content as untrusted or to ignore embedded instructions found within the target app's HTML or console output.
- Capability inventory: The agent possesses significant capabilities including the use of
Bashfor shell command execution, filesystem access for writing reports and session data (auth-state.json), and automated browser control. - Sanitization: The skill does not perform any sanitization, escaping, or validation of the content scraped from the target application before incorporating it into the final report or using it to determine subsequent testing steps.
Audit Metadata