event-prospecting
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates a complex prospecting pipeline using the Bash tool to execute local Node.js scripts and vendor CLI tools (
bb,browse). It includes instructions to batch file writes and tool calls into single bash invocations to minimize user permission prompts while maintaining process efficiency. - [EXTERNAL_DOWNLOADS]: The skill programmatically fetches data from external conference and company websites using
bb fetchandbb browse. This content extraction is necessary for the skill's primary purpose of event prospecting and company research. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from arbitrary external URLs and incorporates that data into prompts for subagents during the triage, research, and enrichment phases.
- Ingestion points:
extract_page.mjsandextract_event.mjsfetch and parse content from arbitrary event and company homepages. - Boundary markers: Subagent prompts in
workflow.mdutilize structured headers (e.g., CONTEXT, COMPANIES TO TRIAGE) and explicit "Anti-hallucination rules" to delineate instructions from untrusted data. - Capability inventory: The skill and its subagents have access to
Bash(for command and script execution),Agent(for spawning sub-tasks), andbbsearch/fetch tools. - Sanitization: Content extraction scripts remove code tags (script, style) but do not perform semantic filtering or escaping of natural language instructions contained within the scraped text.
- [CREDENTIALS_UNSAFE]: The skill requires a
BROWSERBASE_API_KEY. It follows best practices by requiring this sensitive information to be provided via an environment variable rather than being hardcoded in scripts or instructions.
Audit Metadata