ziniao-page

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the ziniao-cli binary to perform browser automation, system queries, and file operations. Notable commands include:
  • ziniao-cli automation run: Executes complex sequences of browser interactions defined via JSON.
  • ziniao-cli utility download: Writes arbitrary content to the local filesystem under the downloads directory.
  • [REMOTE_CODE_EXECUTION]: The skill provides the page exec command and an exec step within the automation run command, allowing the agent to execute arbitrary JavaScript code directly within the browser's context. This capability can be used to manipulate page state, bypass client-side security controls, or extract sensitive session information.
  • [DATA_EXFILTRATION]: Multiple commands facilitate the extraction of data from potentially sensitive browser sessions (e.g., Amazon Seller Central):
  • page content and page extract: Retrieve HTML, text, or structured data from the active page.
  • page screenshot: Captures images of the viewport or full page, which can be saved to local paths via the --path argument.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection (Category 8):
  • Ingestion points: Data enters the agent's context through page content, page query, and page extract operations (found in SKILL.md and related references).
  • Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to disregard instructions embedded within the retrieved web content.
  • Capability inventory: The agent has access to high-impact capabilities including arbitrary JavaScript execution (page exec), form submission (page input), and file writing (utility download).
  • Sanitization: There is no evidence of sanitization or filtering of the retrieved web content before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 03:31 AM