strategist-site-audit
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions do not contain any prompt injection, obfuscation, or persistence mechanisms.
- [COMMAND_EXECUTION]: The skill utilizes 'CoWork browser automation' for site navigation and screenshot capture. This is a platform-specific tool used appropriately for the skill's stated purpose of auditing websites.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data transmission. The skill writes findings to local files (Markdown and HTML) within a working directory.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute untrusted code or scripts from the internet. It relies on standard browser automation for its analysis.
- [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection as it ingests and processes content from external websites provided by the user.
- Ingestion points: Website content from user-specified URLs and qualitative research data provided by the strategist.
- Boundary markers: None explicitly mentioned in the instructions for isolating external content.
- Capability inventory: Browser navigation (CoWork) and writing files to the local disk.
- Sanitization: No explicit sanitization or filtering of the processed website data is mentioned.
Audit Metadata