safe-browser
Fail
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions and associated demo script (hn-scraper-demo.mjs) attempt to read from a hardcoded sensitive file path: ~/Developer/scratchpad/.env. This non-standard path access increases the risk of exposing sensitive environment variables or developer secrets stored on the host system.
- [PROMPT_INJECTION]: The skill is designed to scrape and process content from Hacker News. Because this external data is untrusted and directly integrated into the agent's context without sanitization, it presents an indirect prompt injection surface.
  - Ingestion points: Web content scraped via the safe_browser tool's extraction actions in hn-scraper-demo.mjs.
  - Boundary markers: Absent; the content is passed to the agent as part of the tool's JSON-formatted response.
  - Capability inventory: The agent can perform navigations using the safe_browser tool.
  - Sanitization: No validation or filtering is performed on the scraped text.
Recommendations
- AI detected serious security threats
Audit Metadata