trustpilot-company-info

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a pattern where a Python script generates JavaScript code which is then executed in a browser environment via eval. This is a standard operational pattern for browser-based automation skills and is used here to extract structured data from the page's internal JSON state.
  • [DATA_EXFILTRATION]: While the skill performs web scraping, it targets a well-known public service (Trustpilot) to retrieve non-sensitive company metadata. It does not access private user data, credentials, or sensitive local files.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external web pages. However, the extraction logic is strictly defined to target the __NEXT_DATA__ script tag and parses it into a specific JSON schema, which limits the risk of the agent interpreting the scraped content as instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 11:21 AM
Security Audit — agent-trust-hub — trustpilot-company-info