ui-test
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  - Ingestion points: Untrusted data is ingested from web pages via `browse snapshot` and `browse eval` (accessibility tree and DOM content) and from local code via `git diff`.
  - Boundary markers: The skill uses structured output markers (`STEP_PASS`/`STEP_FAIL`) and mandates explicit step budgets for sub-agents to restrict autonomous execution depth.
  - Capability inventory: The skill uses `Bash` to execute the `browse` CLI, handles file system operations in the `.context` directory, and delegates tasks using the `Agent` tool.
  - Sanitization: No specific sanitization of ingested web content is performed before analysis, although the skill includes tests specifically designed to detect and report XSS vulnerabilities in the target application.
- [EXTERNAL_DOWNLOADS]: Fetches testing libraries from well-known services
  - The skill downloads the `axe-core` library from Cloudflare's CDN (cdnjs.cloudflare.com) for accessibility testing. This is a standard practice for web auditing tools and utilizes a well-known service.
Audit Metadata