test-web-ui
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection vulnerability. It collects untrusted data (such as page titles, headings, and console error messages) from external websites and incorporates this data directly into an HTML report without sanitization.\n
- Ingestion points: Data is ingested via
scripts/discover.pyandscripts/run_tests.pyfrom any target URL provided by the user.\n - Boundary markers: None. Untrusted web content is not delimited or clearly marked as potentially untrusted data within the processing flow.\n
- Capability inventory: The skill has the capability to write to the file system (JSON results and HTML reports) and perform network navigation via Playwright.\n
- Sanitization: Absent in
scripts/generate_report.py. The script uses f-strings to generate HTML rows, allowing any malicious scripts present in the tested website's metadata to be included in the final report.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of official tools from well-known sources.\n - It provides instructions to download and install the
@playwright/clifrom the npm registry and theplaywrightlibrary from PyPI.\n - Both resources are maintained by Microsoft and are essential components for the skill's intended web automation functionality.\n- [COMMAND_EXECUTION]: The skill executes its own internal Python scripts and CLI tools to perform its duties.\n
- Operations include site discovery, test execution, and report generation via subprocess calls or direct execution, which are standard for an automated testing utility.
Audit Metadata