
mobbin-search

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the open command on macOS to automatically launch a generated HTML file in the user's browser, which is a shell command execution pattern.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (specifically Cross-Site Scripting) because it ingests data from an external search tool and interpolates it into a locally-executed HTML file without explicit sanitization instructions.
      • Ingestion points: Data enters the context via the search_screens tool, specifically fields like app_name and mobbin_url.
      • Boundary markers: The instructions do not define delimiters or specific safety warnings to isolate external content within the generated HTML code.
      • Capability inventory: The skill has the ability to write to the local file system (./.mobbin/) and execute shell commands (open).
      • Sanitization: There are no instructions for escaping or validating the HTML content before it is written and opened, allowing potential scripts in app metadata to execute in the user's browser context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 10:14 AM