saccoai-swiss-compliance
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from external websites via the agent-browser tool, creating a surface for indirect prompt injection where malicious content on a target site could influence the auditing process or the content of generated compliance assets.
  - Ingestion point: Target URL crawled in Phase 1.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined.
  - Capability inventory: The skill can write .tsx and .md files, modify existing components, install packages via npm, and execute git commits.
  - Sanitization: No evidence of sanitization for the data retrieved from the website before using it in code generation templates.
- [COMMAND_EXECUTION]: The skill performs automated shell commands to modify the local project environment.
  - Evidence: Execution of 'npm install cookies-next' in Phase 4.
  - Evidence: Execution of 'git commit' to record project changes.
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of external software dependencies.
  - Evidence: Downloads and installs the 'cookies-next' library from the public npm registry.