userscripts
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data when it fetches HTML from external URLs via WebFetch or parses user-provided MHTML/HTML files to identify CSS selectors and page structures. This creates an indirect prompt injection surface where instructions hidden in the targeted web content could attempt to influence the agent's behavior during script generation.
  - Ingestion points: SKILL.md Phase 2 (DOM Inspection)
  - Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions in the analyzed data.
  - Capability inventory: Access to network tools (WebFetch) and the ability to write .user.js files to the filesystem.
  - Sanitization: Absent; the agent is directed to search for patterns directly in raw external content.
- [COMMAND_EXECUTION]: The skill's primary function is the dynamic generation of executable JavaScript (.user.js) scripts based on templates and user input. This process of assembling executable code from external data sources presents an inherent security risk if the generated scripts incorporate unvalidated content from analyzed websites.
- [EXTERNAL_DOWNLOADS]: The documentation in references/api-reference.md and references/advanced-patterns.md covers the use of @require and GM_addElement for loading external JS libraries. While these are standard features for userscript development, they facilitate the inclusion and execution of remote code within the browser context.