dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate web testing activities using the authorized
agent-browsertool. It manages local files for reporting and captures browser state for session persistence, which are standard practices for this use case. No indicators of data exfiltration, unauthorized command execution, or malicious persistence were found. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because its core function involves ingesting and analyzing untrusted content from external web applications.
- Ingestion points: The agent reads HTML, console logs, and network error data from target URLs specified by the user in SKILL.md.
- Boundary markers: No explicit instructions are provided to the agent to distinguish its operational commands from potentially malicious instructions embedded in the external target's web content.
- Capability inventory: The skill can execute local bash commands via the allowed-tools configuration to manage files and interact with the browser tool.
- Sanitization: There is no evidence of sanitization or filtering applied to the data retrieved from external web pages before it is processed by the agent.
Audit Metadata