Skills
skills/ishakantony/skills/web-inspect/Gen Agent Trust Hub

web-inspect

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the modern-screenshot library from the jsDelivr CDN (https://cdn.jsdelivr.net/npm/modern-screenshot) to provide screen capture functionality within the browser overlay.
  • [COMMAND_EXECUTION]: Executes several local helper scripts (server.mjs, poll.mjs, inject.mjs) using the Node.js runtime to manage the background server and file modifications.
  • [DATA_EXFILTRATION]: Transmits screenshots, console logs, and network error data from the browser to the local helper server. This data transfer is restricted to localhost (127.0.0.1) and is required for the skill's primary function of debugging.
  • [PROMPT_INJECTION]: Processes user-provided comments from the browser UI as instructions for code fixes. This creates a surface for indirect prompt injection, which is mitigated by the skill's workflow requiring the agent to propose changes for user verification.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 02:12 AM