explainer
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing untrusted external content.
- Ingestion points: Processes arbitrary data from user-supplied URLs and GitHub README files via
WebFetchand theghAPI. - Boundary markers: The instructions do not define clear delimiters or specific instructions for the agent to ignore potentially malicious directions embedded in the fetched web content.
- Capability inventory: The agent has the ability to execute shell commands (
unzip,curl,gh), generate synthetic media (audio/video), and perform browser-based operations. - Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is interpolated into the narrations or used to determine browser interaction targets (selectors).
- [COMMAND_EXECUTION]: The skill utilizes shell commands to facilitate specific features like file handling and API access.
- File Processing: Instructs the agent to use
bash,unzip, andcurlto manage local avatar uploads provided as.zipfiles. - API Interaction: Uses the
ghCLI tool to fetch repository metadata such as descriptions and homepages.
Audit Metadata