webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates interaction with untrusted web content, creating a surface for indirect prompt injection.
- Ingestion points: The agent reads HTML content, console messages, and network data from target web applications via Chrome DevTools (AGENTS.md).
- Boundary markers: No delimiters or safety instructions are defined to separate application content from agent instructions.
- Capability inventory: The agent uses tools for browser interaction (click, fill), taking snapshots, and reading logs (SKILL.md, AGENTS.md).
- Sanitization: There is no evidence of sanitization or filtering of the ingested web data before processing.
Audit Metadata