site-battle-test
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a documented attack surface for indirect prompt injection due to its core functionality of interacting with untrusted external web pages.
- Ingestion points: The agent navigates to arbitrary URLs and reads the page content, accessibility tree, console messages, and network request logs.
- Boundary markers: There are no explicit instructions or delimiters used to separate the target website's content from the agent's operational instructions.
- Capability inventory: The skill utilizes powerful tools for browser interaction, including navigation, element clicking, screenshot capture, and executing JavaScript within the page context.
- Sanitization: No sanitization or filtering logic is present to identify or ignore instructions hidden within the website metadata or text.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and process resources from external URLs as a fundamental part of its auditing process.
- [COMMAND_EXECUTION]: Employs the 'javascript_tool' to execute dynamically generated scripts within the browser environment for the purpose of measuring Core Web Vitals and analyzing page performance.
Audit Metadata