geo-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external URLs and search engine results during the analysis phase.
  - Ingestion points: Content extracted from user-provided URLs and third-party search engines like Perplexity and Google in SKILL.md.
  - Boundary markers: Absent; the skill extracts text content without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: Utilizes browser tools for navigation and content extraction, and performs file write operations to the local filesystem.
  - Sanitization: No sanitization of the ingested web content is described before processing.
- [DYNAMIC_EXECUTION]: The skill creates executable test scripts within YAML files as part of its remediation guidance.
  - Evidence: JavaScript code snippets defined in the Remediate section for use in regression tests within SKILL.md.
- [COMMAND_EXECUTION]: The skill manages a browser environment and writes generated audit data to the local workspace.
  - Evidence: Use of new_session and record_evidence for browser interaction, and saving outputs to shiplight/ directories in SKILL.md.
Audit Metadata