search-intent-coverage
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The skill instructs the installation of the 'agent-browser' npm package globally. This package is not hosted in a trusted repository or organization defined in the security guidelines.
- Dynamic Execution (LOW): The skill relies on executing CLI commands through 'agent-browser' to interact with live web pages. While typical for scraping, this introduces a surface for command-line interaction with external tools.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from the web (SERP results and competitor pages) to build its output.
- Ingestion points: Competitor page text and structure extracted via 'agent-browser get text' and 'snapshot'.
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions contained within the scraped text.
- Capability inventory: Shell command execution (agent-browser) and SERP API interactions.
- Sanitization: Absent. Content is processed directly to identify patterns and headings.
Audit Metadata