app-navigator

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requests and stores user credentials (Email, Password) in a local file (~/.claude/projects/<project>/memory/reference_local_auth.md) for persistent use.
  • [DATA_EXFILTRATION]: The skill accesses local project memory paths to retrieve stored credentials for automated login processes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from external URLs via browser snapshots.
      • Ingestion points: Content is ingested through mcp__playwright__browser_snapshot as described in the Setup Mode Process.
      • Boundary markers: No delimiters or instructions are used to ignore potential commands within the ingested web content.
      • Capability inventory: The skill has access to Bash, Write, and Agent tools across its scripts, which could be exploited by malicious web content.
      • Sanitization: There is no evidence of sanitization or validation of the ingested browser snapshots before they are processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands for checking the status of local development servers via curl and potentially starting them if authorized by the user.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 08:57 PM