dianping-info-query
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes untrusted user-generated content from a public website.
  - Ingestion points: Business reviews, user tags, and shop descriptions are extracted from `dianping.com` using the `readability` and `snapshot` actions as described in `SKILL.md` and `references/deep-info-extraction.md`.
  - Boundary markers: The skill does not define specific boundary markers or instructions to isolate extracted web content, increasing the risk that the agent might follow instructions embedded in a user review.
  - Capability inventory: The skill utilizes powerful browser interaction capabilities, including `navigate`, `click`, `type`, and `list_tabs`, which could be exploited if an injection is successful.
  - Sanitization: No sanitization or filtering logic is present in the skill to clean external text before the agent interprets it.
Audit Metadata