browser-qa
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a legitimate set of instructions for verifying web application behavior after deployment, covering smoke tests, interaction tests, and visual regressions.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to navigate to and interact with external, untrusted websites. Content on these sites could theoretically attempt to override the agent's instructions during the QA process.
- Ingestion points: Target URLs visited in SKILL.md during Phase 1.
- Boundary markers: No explicit delimiters or warnings for the agent to ignore instructions embedded in the target web content are provided in the skill instructions.
- Capability inventory: Browser automation (navigation, form interaction, clicks) via claude-in-chrome or Playwright MCP tools.
- Sanitization: No automated sanitization of site content is described.
- [DATA_EXFILTRATION]: The skill's Phase 2 includes testing 'auth flow: login → protected page → logout'. While a standard QA task, this involves the agent handling session state and potentially credentials. Users should handle authentication secrets through secure platform-provided mechanisms.
Audit Metadata