search-intent-coverage
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides explicit shell commands for the agent to execute, including environment setup (
npm i -g agent-browser) and operational commands (agent-browser open,snapshot, etc.) to interact with web browsers. - [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
agent-browserpackage from the public npm registry to enable its web-scraping capabilities. - [DATA_EXFILTRATION]: The core workflow involves fetching and extracting text/data from external competitor URLs. This is the intended purpose of the skill, though it involves automated navigation to third-party domains.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites.
- Ingestion points: Untrusted content is ingested from competitor URLs via the
agent-browsertool. - Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within the scraped competitor content.
- Capability inventory: The skill environment has shell execution capabilities and browser control.
- Sanitization: No evidence of sanitization or filtering is present for the content extracted from the web before it is analyzed by the agent.
Audit Metadata