security-review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external websites and browser logs, which is a necessary function for a security scanner.
- Ingestion points: Data entering the agent context includes target URL content, HTTP response headers, and browser console logs (SKILL.md Phase 3).
- Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are implemented for the ingested external content.
- Capability inventory: The skill utilizes browser interaction tools (
act,new_session), file-writing capabilities (saving reports toshiplight/reports/), and command execution for dependency audits. - Sanitization: No explicit sanitization or filtering of external content is documented before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes standard package manager audit tools (
npm audit,pip audit) to identify known vulnerabilities in the application's dependencies. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requests test credentials and sensitive data (PII, payment info) from the user to perform authenticated penetration testing. Findings and evidence are stored locally in the workspace under the
shiplight/reports/directory.
Audit Metadata