browserstack
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the 'browserstack-local' package from npm to enable local testing tunnels.
- [COMMAND_EXECUTION]: The skill executes automated tests via the 'npx playwright test' command.
- [CREDENTIALS_UNSAFE]: Authentication is managed using 'BROWSERSTACK_USERNAME' and 'BROWSERSTACK_ACCESS_KEY' environment variables.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. 1. Ingestion points: Test logs and session details are retrieved from BrowserStack via 'browserstack_get_logs' and 'browserstack_get_session' in SKILL.md. 2. Boundary markers: No delimiters or ignore instructions are used for the ingested content. 3. Capability inventory: The skill can execute shell commands and modify local configuration files. 4. Sanitization: No sanitization of the retrieved log data is performed.
Audit Metadata