develop-userscripts
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the analysis and processing of untrusted user-provided browser scripts, which represents a potential surface for indirect prompt injection attacks.\n
- Ingestion points: User-provided scripts and configuration blocks for debugging and packaging tasks as described in SKILL.md and scriptcat-extensions.md.\n
- Boundary markers: The skill does not provide instructions for isolating or delimiting user-supplied script content to prevent execution of embedded instructions by the agent.\n
- Capability inventory: The agent environment typically allows file system operations and terminal command execution for script development workflows.\n
- Sanitization: No sanitization or verification procedures are specified for the untrusted script data being processed.\n- [SAFE]: The skill refers to official and well-known documentation platforms for browser extensions and userscript managers (tampermonkey.net, scriptcat.org) and includes benign code templates for educational purposes.
Audit Metadata