subkeyword-injector
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes
agent-browserandjqshell commands. This presents a potential risk if input parameters like URLs are not correctly sanitized by the agent's tool execution environment.\n- [EXTERNAL_DOWNLOADS] (LOW): The skill suggests installingagent-browser, an external CLI tool, which introduces a third-party dependency from an unspecified source.\n- [PROMPT_INJECTION] (LOW): The skill has a surface for Indirect Prompt Injection (Category 8) because it retrieves and processes content from external URLs.\n - Ingestion points: Web page content and heading data retrieved via
agent-browser.\n - Boundary markers: Absent; no specific delimiters are defined to isolate external content from the core instructions.\n
- Capability inventory: The agent has the ability to write to the local file system and execute shell commands.\n
- Sanitization: Absent; the skill does not specify any validation or sanitization of the content retrieved from URLs.
Audit Metadata