trustpilot-company-info
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a pattern where a Python script generates JavaScript code which is then executed in a browser environment via
eval. This is a standard operational pattern for browser-based automation skills and is used here to extract structured data from the page's internal JSON state. - [DATA_EXFILTRATION]: While the skill performs web scraping, it targets a well-known public service (Trustpilot) to retrieve non-sensitive company metadata. It does not access private user data, credentials, or sensitive local files.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external web pages. However, the extraction logic is strictly defined to target the
__NEXT_DATA__script tag and parses it into a specific JSON schema, which limits the risk of the agent interpreting the scraped content as instructions.
Audit Metadata