visual-brand-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external websites via the WebFetch tool.
  - Ingestion points: Content is ingested from external URLs during Phase 1 using the WebFetch capability based on user input.
  - Boundary markers: The instructions for the agent do not specify delimiters or boundary markers (e.g., XML tags) to isolate the fetched web content from the agent's instructions, nor do they include warnings to ignore embedded commands.
  - Capability inventory: The agent is granted the capability to write files to the local filesystem (specifically within the 'clients/' directory).
  - Sanitization: The skill lacks any description of sanitization, filtering, or validation for the fetched HTML and CSS data before the agent performs its analysis.