reverse-engineering

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The instructions direct the agent to run npx evalbox and bun x evalbox. These commands download and execute an external package (evalbox) from the public npm registry that is not from a verified or trusted vendor.
  • [REMOTE_CODE_EXECUTION]: The skill encourages a workflow where the agent writes and executes "lambda files" locally to test website interactions. This pattern of dynamic script generation and runtime execution allows for arbitrary code to run within the agent's environment.
  • [CREDENTIALS_UNSAFE]: The skill provides examples for creating automated clients that handle sensitive data, specifically loginWithCredental("email", "password") and exportCookies(), which can lead to the unsafe handling or logging of user credentials and session tokens during the development of these integrations.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection.
      • Ingestion points: The agent is instructed to read code from external websites and to process exported HAR (HTTP Archive) files containing network traffic.
      • Boundary markers: There are no specified delimiters or instructions to ignore potential instructions embedded within the target website's content.
      • Capability inventory: The agent has the ability to write files and execute commands via shell environments (npx, bun).
      • Sanitization: No sanitization or validation steps are defined for the data extracted from external websites before it is used to inform script generation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 04:12 AM