ziniao-page
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides the ability to execute arbitrary JavaScript within the browser context via the
page execcommand and theexecstep in theautomation runworkflow. This is a functional requirement for advanced browser automation. - [COMMAND_EXECUTION]: The
utility downloadcommand enables the agent to write specified content to the local filesystem (specifically the downloads directory) using the--contentand--filenameflags. - [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external websites via
page contentandpage extractcommands, creating an indirect prompt injection surface. - Ingestion points: Untrusted data enters the agent context through page content extraction in
SKILL.mdand related references. - Boundary markers: No explicit instructions are provided to the agent to treat extracted web content as untrusted or to isolate it with delimiters.
- Capability inventory: The skill includes navigation, interaction, script execution (
page exec), and file writing (utility download). - Sanitization: No validation or sanitization of external content is mentioned before processing.
Audit Metadata