constructive-agent-e2e

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads and installs the agent-browser package and Playwright Chromium via NPM and NPX during the setup phase.
  • [COMMAND_EXECUTION]: Executes shell commands and local TypeScript scripts (e.g., ts-node scripts/provision.ts, pnpm dev) to manage the application lifecycle and database provisioning. It also utilizes the agent-browser CLI for UI interactions.
  • [REMOTE_CODE_EXECUTION]: Utilizes the eval command within agent-browser to execute arbitrary JavaScript code inside a browser environment for state verification and error checking.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because the agent processes and acts upon UI metadata (accessibility trees) which can be influenced by untrusted or dynamically generated application content.
      • Ingestion points: Accessibility tree data and element labels captured via the agent-browser snapshot command.
      • Boundary markers: No explicit delimiters or guardrails are used to separate UI metadata from the agent's internal instructions.
      • Capability inventory: Shell execution, local file modification, database provisioning via the Constructive SDK, and browser-based code execution.
      • Sanitization: Data extracted from the application UI is processed without sanitization before being used to drive subsequent agent interactions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:24 PM