canary-watch
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from user-provided URLs (HTML, SSE, static assets), which creates a surface for indirect prompt injection. An attacker could potentially embed malicious instructions in a monitored page to influence the agent's analysis or report generation.\n
- Ingestion points: External URLs provided to the canary-watch tool as specified in the watch modes.\n
- Boundary markers: The instructions lack explicit delimiters or "ignore instructions" markers to separate untrusted web content from the agent's internal logic.\n
- Capability inventory: Implied capabilities include browser-based inspection of web content, headers, console logs, and performance metrics.\n
- Sanitization: No sanitization or validation of the fetched web content is described before it is processed by the agent.
Audit Metadata