qa
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to search for and read credentials from a file named
CREDENTIALS.md. Accessing files with such names to retrieve authentication data is a high-risk practice that exposes secrets to the model context.\n- [COMMAND_EXECUTION]: The skill triggers automated browser testing using 'Playwright MCP', which involves executing commands and interacting with local network services on port 5173.\n- [PROMPT_INJECTION]: The skill processes the 'last task completed' from the conversation history to generate test plans, creating an indirect prompt injection surface (Category 8).\n - Ingestion points: Identifies the last task in the conversation history as the basis for testing.\n
- Boundary markers: None identified; no delimiters or instructions to ignore embedded commands are present.\n
- Capability inventory: Execution of headless browser tests via Playwright and interaction with local network ports.\n
- Sanitization: None identified for the task data retrieved from conversation history.
Recommendations
- AI detected serious security threats
Audit Metadata