Skills
skills/team2027/skills/event-prospecting/Gen Agent Trust Hub

event-prospecting

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external conference platforms and company websites.
  • Ingestion points: Untrusted data enters the agent context via scripts/extract_event.mjs (speaker bios and names) and scripts/extract_page.mjs (web page body and meta tags).
  • Boundary markers: The subagent prompts defined in references/workflow.md lack explicit delimiters or "ignore instructions" wrappers to isolate untrusted web content from the agent's instructions.
  • Capability inventory: The skill has access to the bash tool, which is used to execute local Node.js scripts and the browse CLI.
  • Sanitization: scripts/extract_page.mjs performs basic sanitization by stripping HTML tags from the extracted body text.
  • [COMMAND_EXECUTION]: The skill extensively uses the bash tool to coordinate its pipeline, executing several local Node.js scripts (recon.mjs, extract_event.mjs, extract_page.mjs, compile_report.mjs) and the browse CLI. This execution is fundamental to the skill's data extraction and reporting capabilities.
  • [COMMAND_EXECUTION]: The extraction scripts (recon.mjs and extract_event.mjs) utilize browse eval to execute JavaScript strings within a browser environment. This is used to extract structured data from __NEXT_DATA__ blocks and other page elements on external websites.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 02:05 AM
Security Audit — agent-trust-hub — event-prospecting