seo-roast
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the "agent-browser" package from NPM. This dependency is not from a recognized trusted vendor or well-known service, which introduces a risk of installing unverified software.
- [COMMAND_EXECUTION]: The instructions direct the agent to run "npm install -g agent-browser" if the package is missing. Executing global installation commands allows for modification of the system-wide environment and potentially introduces unauthorized binaries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to fetch and analyze content from arbitrary external URLs provided by users or found during browsing.
  - Ingestion points: The agent retrieves page content, titles, and HTML elements from external websites using browser tools.
  - Boundary markers: The instructions lack specific delimiters or directions for the agent to treat the retrieved web content as untrusted data, making it possible for instructions within a page to influence agent behavior.
  - Capability inventory: The agent has the capability to install software via CLI, write local files, and navigate the web.
  - Sanitization: There is no explicit logic to filter or sanitize the retrieved content before it is passed to the LLM for analysis.
Audit Metadata