design-iterator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill facilitates indirect prompt injection by navigating to external competitor websites during its research phase. 1. Ingestion points: The agent visits user-provided or discovered URLs using
agent-browser open [url]. 2. Boundary markers: There are no instructions to isolate or ignore instructions contained within the HTML/text of visited websites. 3. Capability inventory: The skill has the ability to read and modify local source code files and execute browser automation commands. 4. Sanitization: No validation or sanitization of the content retrieved from external websites is performed before processing. - COMMAND_EXECUTION (LOW): The skill uses the
agent-browsercommand-line utility to automate browser interactions. 1. Evidence: Multiple shell-based tool calls such asagent-browser snapshot,agent-browser scrollintoview, andagent-browser screenshotare core to the workflow.
Audit Metadata