geo-review

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It navigates to external URLs provided by the user and searches for content on Perplexity and Google. Because the agent processes the live text content of these third-party pages without explicit sanitization or boundary markers, an attacker could place malicious instructions on a website to hijack the agent's behavior when the skill crawls that page.
  • [COMMAND_EXECUTION]: The skill generates and executes JavaScript snippets within a browser context. During Phase 5 (Remediation) and within the regression tests, the skill writes scripts that use page.textContent and regex to perform assertions. While these are used for content validation, executing logic against untrusted web content is a sensitive operation.
  • [DATA_EXFILTRATION]: Risk of indirect data leakage. The skill aggregates information from target websites and search results into local reports. If an indirect prompt injection occurs via a crawled website, the agent could be instructed to include sensitive context or system information in the generated report files saved to the shiplight/ directory.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 04:32 PM