security-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: The agent navigates to and reads content from URLs in SKILL.md and captures browser logs in test-helper.js.
  2. Boundary markers: Absent; there are no instructions or delimiters provided to help the agent distinguish between internal commands and content retrieved from external pages.
  3. Capability inventory: Extensive browser automation capabilities including clicking, form filling, and navigation as defined in SKILL.md.
  4. Sanitization: None; external content is processed directly by the agent without filtering.
- [COMMAND_EXECUTION] (MEDIUM): The captureScreenshot function in test-helper.js is vulnerable to path traversal. It incorporates a user-provided name parameter directly into a filesystem path without sanitization, which could allow writing files to unauthorized locations.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires runtime installation of the Playwright package and browser binaries. While Microsoft is a trusted source, automated installation of external binaries should be verified by the user environment.
Recommendations
- AI detected serious security threats
Audit Metadata