site-battle-test

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a documented attack surface for indirect prompt injection due to its core functionality of interacting with untrusted external web pages.
  • Ingestion points: The agent navigates to arbitrary URLs and reads the page content, accessibility tree, console messages, and network request logs.
  • Boundary markers: There are no explicit instructions or delimiters used to separate the target website's content from the agent's operational instructions.
  • Capability inventory: The skill utilizes powerful tools for browser interaction, including navigation, element clicking, screenshot capture, and executing JavaScript within the page context.
  • Sanitization: No sanitization or filtering logic is present to identify or ignore instructions hidden within the website metadata or text.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and process resources from external URLs as a fundamental part of its auditing process.
  • [COMMAND_EXECUTION]: Employs the 'javascript_tool' to execute dynamically generated scripts within the browser environment for the purpose of measuring Core Web Vitals and analyzing page performance.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:30 AM
Security Audit — agent-trust-hub — site-battle-test