validate-ui
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `pkill` and `kill -9` to manage local development processes on ports 3090 and 5173. This is a standard procedure for environment cleanup during testing suites (SKILL.md).
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `agent-browser` tool via `npm install -g agent-browser`. This is a necessary dependency for the browser automation tests described in the workflow (SKILL.md).
- [REMOTE_CODE_EXECUTION]: Automated scans flagged piping `curl` output to `python3`. Review confirms the skill uses `python3 -m json.tool` to format JSON responses from a local backend endpoint. This is a secure use of a standard library module for data presentation, not arbitrary code execution (SKILL.md).
- [DATA_EXFILTRATION]: The skill interacts with the local application and allows the user to specify GitHub repositories for testing project management features. These actions involve network operations to whitelisted or local domains and are within the intended scope of validating the UI and workflow orchestration (SKILL.md).
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its browser automation capabilities.
  - Ingestion points: UI snapshots and metadata are ingested from the browser using `agent-browser snapshot` (SKILL.md).
  - Boundary markers: The instructions do not define specific delimiters to distinguish between test scripts and content retrieved from the application UI (SKILL.md).
  - Capability inventory: The skill has access to `Bash` (including `curl`) and `Write` tools, which could be misused if the agent followed instructions embedded in processed UI data (SKILL.md).
  - Sanitization: Content captured from the browser is processed directly without sanitization or validation logic (SKILL.md).
Audit Metadata