verify-artifact
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing external web content through visual analysis and console logs.
- Ingestion points: Data is ingested from external URLs or HTML paths using
mcp__chrome-devtools__take_screenshot(for vision-based analysis) andmcp__chrome-devtools__list_console_messages(for text-based analysis of console output). - Boundary markers: The skill instructions do not specify any delimiters or safety warnings to ensure the agent ignores instructions that may be embedded within the text of the audited web page or console messages.
- Capability inventory: The skill allows the agent to navigate pages, execute scripts in a browser context, and run restricted shell commands (
date), which could be leveraged if an injection is successful. - Sanitization: No sanitization or filtering is applied to the content visible in screenshots or extracted from console logs before being passed to the agent for reasoning.
Audit Metadata