navvi-signup
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill interacts with external, untrusted web content which creates a surface for indirect prompt injection attacks.
- Ingestion points: The skill ingests data from external websites using tools like
mcp__navvi__navvi_openandmcp__navvi__navvi_screenshotas documented in SKILL.md. - Boundary markers: The instructions lack explicit boundary markers or directions for the agent to ignore potentially malicious instructions found within the HTML or visual content of the target websites.
- Capability inventory: The agent has significant capabilities including form filling (
mcp__navvi__navvi_fill), clicking elements (mcp__navvi__navvi_click), and account registration (mcp__navvi__navvi_account), which could be abused if an injection succeeds. - Sanitization: There is no evidence of content sanitization or validation of the external web data before the agent processes and acts upon it.
Audit Metadata