dogfood
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill performs legitimate QA testing activities using tools explicitly defined in its configuration.
- [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted data from external websites via browser snapshots and console logs. 1. Ingestion points:
agent-browser snapshotandagent-browser consolecommands inSKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore website-provided text are present. 3. Capability inventory: The agent has access toBash(specificallyagent-browser,mkdir, andcp) allowing it to interact with the web and manage local files. 4. Sanitization: No evidence of data sanitization or validation of the ingested website content was found. While the surface exists, the risk is inherent to the skill's primary purpose and no active exploitation was detected.
Audit Metadata