visual-qa
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. A malicious website could display content specifically designed to trick the AI agent that analyzes the resulting screenshots.
- Ingestion points: URLs accessed via Playwright in
screenshot.py. - Boundary markers: None present to distinguish website content from agent instructions.
- Capability inventory: The skill can write files and perform network requests to any URL provided.
- Sanitization: No visual or content-based sanitization is performed before analysis.
- [COMMAND_EXECUTION]: The skill executes
screenshot.py, which invokes the Playwright library to manage a browser process and perform actions on web pages. - [PRIVILEGE_ESCALATION]: The script uses
/root/screenshotsas a default output directory, which typically requires root access and follows poor security practices for path selection.
Audit Metadata