illustration-ideas
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill instructs the agent to suggest 'npm install -g agent-browser' to the user if a browser tool is missing. This introduces a dependency on a third-party package not included in the trusted sources list.
- [Indirect Prompt Injection] (LOW): The skill processes content from arbitrary URLs, which may contain malicious instructions designed to manipulate the agent's behavior.
- Ingestion points: External data is ingested through the 'agent-browser' CLI or MCP browser tools (e.g., agent-browser open <url>).
- Boundary markers: Absent. The skill lacks delimiters or instructions to ignore embedded commands within the fetched article content.
- Capability inventory: The agent is restricted to browser-based data extraction and text/diagram generation (Mermaid/ASCII). No high-risk capabilities like file system modification or network exfiltration of local secrets were detected.
- Sanitization: Absent. The agent is explicitly told to 'Carefully review the full content,' making it susceptible to following instructions found within the processed text.
Audit Metadata