privacy-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions are focused entirely on privacy auditing and regulatory compliance (GDPR, CCPA). No evidence of malicious prompt injection, obfuscation, or unauthorized network activity was found.
- [COMMAND_EXECUTION]: The skill utilizes browser automation tools (e.g., `new_session`, `act`, `get_browser_console_logs`) to simulate user interactions and inspect runtime behavior of web applications for privacy validation purposes.
- [INDIRECT_PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection by ingesting data from external web pages.
  - Ingestion points: Browser console logs and HTML page source obtained from user-provided target URLs (SKILL.md).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when processing browser-collected data.
  - Capability inventory: The agent has capabilities for browser automation and file system writes (saving reports to `shiplight/reports/` and tests to `shiplight/tests/`).
  - Sanitization: No specific sanitization or filtering of data collected from the browser is described before it is used in reports.
Audit Metadata