skills/bacoco/shipguard/sg-visual-run/Gen Agent Trust Hub

sg-visual-run

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes test manifests and user-provided natural language to determine its actions.
      • Ingestion points: The skill reads visual-tests/**/*.yaml manifests, audit-results.json, and accepts natural language input to discover or generate tests.
      • Boundary markers: There are no explicit delimiters or instructions to ignore potential injection patterns within the manifest files or user-supplied text.
      • Capability inventory: The skill uses agent-browser for navigation, interaction, and JavaScript execution. It can also read files and perform vision-based assertions.
      • Sanitization: Content from external manifests or user input is not sanitized before being used to generate automation steps or criteria for LLM evaluation.
  • [COMMAND_EXECUTION]: The skill dynamically generates and executes browser actions, including arbitrary JavaScript via the agent-browser eval command, based on its interpretation of test manifests. While this is used for legitimate UI testing and state manipulation, it represents a high-capability execution surface driven by natural language processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 01:35 PM