audit-website
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data fetched from external websites, which is a vector for indirect prompt injection attacks where a malicious website could attempt to influence the agent's behavior. \n
- Ingestion points: Website content and DOM snapshots are fetched from arbitrary URLs via
web_fetchandbrowsertools as defined inSKILL.md. \n - Boundary markers: The instructions do not define specific delimiters or isolation warnings to distinguish fetched content from the agent's logic. \n
- Capability inventory: The skill utilizes
web_fetch,browser(open/snapshot), and thesquirrelCLI tool. \n - Sanitization: No explicit sanitization or filtering of external content is mentioned. \n- [COMMAND_EXECUTION]: The skill references and utilizes an external CLI tool named
squirrelfor performing audits, which involves executing code on the host system with parameters derived from user-provided URLs.
Audit Metadata