webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (LOW): The skill documentation in
SKILL.mdstates that 'Playwright will be installed automatically if not present'. Playwright is a trusted library maintained by Microsoft, so the finding is downgraded per trust rules. - [Indirect Prompt Injection] (LOW): The skill is designed to ingest data from external, potentially untrusted web pages through browser logs and page content analysis.
- Ingestion points: The
captureConsoleLogsfunction intest-helper.jscollects all browser console messages, andSKILL.mdexamples show reading page titles and content. - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from interpreting page content as new commands.
- Capability inventory: The skill has the ability to write files to the local system (
page.screenshot) and perform further network interactions via the browser. - Sanitization: There is no sanitization or filtering of text retrieved from the browser before it is processed by the agent.
Audit Metadata