frontend-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The scripts/with_server.py utility uses subprocess.Popen(cmd, shell=True) and subprocess.run(command) to execute commands provided via CLI arguments. This enables arbitrary command execution on the host system. If an attacker can manipulate the input to the agent, they could achieve code execution via shell metacharacters in the server command arguments.
  • PROMPT_INJECTION (LOW): The skill identifies a surface for indirect prompt injection, as the agent is encouraged to ingest untrusted data from a browser context.
    - Ingestion points: Browser console logs, network request metadata, and DOM snapshots (referenced in playwright-mcp-cheatsheet.md and SKILL.md).
    - Boundary markers: No delimiters or safety instructions are provided to mitigate the risk of the agent interpreting data as instructions.
    - Capability inventory: The agent can execute shell commands through provided scripts and interact with the browser.
    - Sanitization: No data validation or sanitization is performed on external data before processing.
  • EXTERNAL_DOWNLOADS (LOW): The script scripts/imgdiff.py requires the external Python package pillow. Although pillow is a trusted library, the reliance on external dependencies increases the potential attack surface.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:11 PM