Skills
skills/devskale/skale-skills/rodney/Gen Agent Trust Hub

rodney

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the rodney binary to automate browser tasks. It includes capabilities for evaluating JavaScript in the browser (rodney js), managing browser sessions, and capturing screenshots or PDFs.
  • [EXTERNAL_DOWNLOADS]: The installation guide suggests downloading the rodney tool from a public GitHub repository (simonw/rodney) and using package managers like uv or pipx. These are standard methods for installing developer utilities.
  • [PROMPT_INJECTION]: This skill has a surface for indirect prompt injection through its web scraping features.
  • Ingestion points: Content is retrieved from remote websites using rodney open, rodney text, and rodney html.
  • Boundary markers: The provided examples do not use specific delimiters or instructions to ignore embedded prompts in the scraped data.
  • Capability inventory: The skill can interact with web forms, upload/download files, and run JavaScript, which could be exploited if a malicious page is visited.
  • Sanitization: Content from the web is processed without explicit sanitization or filtering before being presented to the agent context.
  • [DATA_EXFILTRATION]: The rodney file and rodney download commands enable file transfers between the local system and web services. While these are legitimate features, they could be misused to exfiltrate sensitive local files if the agent is directed to do so by untrusted content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 06:08 AM