Gen Agent Trust Hub audit of skill: qa (skills/bhagyamudgal/skills/qa)

Verdict: Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command using a URL provided by the user without explicit validation or sanitization. This allows for potential command injection if a malicious URL containing shell metacharacters (e.g., ;, &&, or backticks) is provided.
      ◦ Evidence: curl -s -o /dev/null -w "%{http_code}" <url> in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external or local web pages and processes it to make decisions about test steps.
      ◦ Ingestion points: The skill uses browser_snapshot in SKILL.md to read page content and look for UI elements and login forms.
      ◦ Boundary markers: While the skill uses a subagent prompt template, it lacks explicit instructions to ignore natural language instructions embedded within the target website's HTML or text.
      ◦ Capability inventory: The agent has access to shell commands (curl, mkdir, grep, echo), file system modifications (creating a .qa directory and updating .gitignore), and full browser interaction capabilities (Playwright MCP).
      ◦ Sanitization: No sanitization, filtering, or content security policy is applied to the data retrieved from browser_snapshot before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 13, 2026, 10:25 AM