dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and acts upon data from external, untrusted websites.
- Ingestion points: Content is ingested via the
agent-browser snapshotandagent-browser snapshot -icommands inSKILL.mdto identify page structure and interactive elements. - Boundary markers: No explicit boundary markers or instructions are provided to the agent to disregard instructions embedded within the target application's content.
- Capability inventory: The skill allows the execution of filesystem commands (
mkdir,cp) and browser interactions (filling forms, clicking, recording) as seen inSKILL.md. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the web browser before it is processed by the agent.
Audit Metadata