Comprehensive Testing & Verification

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it mandates the ingestion of untrusted data from a browser environment via Playwright MCP.
      ◦ Ingestion Points: http://localhost:5546 and application UI components (SKILL.md).
      ◦ Boundary Markers: Absent. No delimiters or instructions are provided to the agent to ignore embedded commands within the application's UI or data.
      ◦ Capability Inventory: Includes execution of shell commands such as 'npm run dev' and 'npm run build' (SKILL.md).
      ◦ Sanitization: Absent. There is no requirement to sanitize or validate content before it influences the agent's reasoning or command execution.
  • [COMMAND_EXECUTION] (HIGH): The skill explicitly directs the agent to execute shell commands. In an environment where the agent is also processing untrusted data from a web app, this creates a path for an attacker to achieve arbitrary command execution by embedding malicious prompts in the application being tested.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 13, 2026, 01:47 PM