dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No evidence of malicious behavior, data exfiltration, or unauthorized privilege escalation was found. The skill's use of browser automation and credential handling is appropriate for its stated QA purpose.
- [PROMPT_INJECTION]: The skill interacts with external web applications, which presents an attack surface for indirect prompt injection. 1. Ingestion points: Page content is read using agent-browser snapshot and console error/log commands in SKILL.md. 2. Boundary markers: No specific markers are used to separate page content from instructions. 3. Capability inventory: The skill has access to browser-based interactions (filling forms, clicking) and basic file system operations (mkdir, cp) as defined in SKILL.md. 4. Sanitization: The skill does not perform sanitization on data retrieved from the browser before processing.
Audit Metadata