Skills
skills/ninehills/skills/Lightpanda/Gen Agent Trust Hub

Lightpanda

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/install.sh script downloads the Lightpanda browser binary from its official GitHub repository (lightpanda-io/browser). The script implements an integrity check by comparing the downloaded file's SHA256 hash against a checksum retrieved from the GitHub API.
  • [COMMAND_EXECUTION]: The skill requires the execution of the lightpanda binary on the host system. The installation script uses chmod a+x to grant execution permissions to the downloaded binary.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted web content which could contain malicious instructions.
  • Ingestion points: Web content is ingested through the goto tool and presented to the agent as markdown or a semantic tree (SKILL.md).
  • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions to isolate web content from the agent's main objective.
  • Capability inventory: The agent has the ability to interact with web content using tools like click, fill, and evaluate (JavaScript execution), which could be misused if influenced by injected instructions.
  • Sanitization: There is no evidence of sanitization or filtering of the retrieved web content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 05:57 PM