qa-web-test
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external URLs provided as TARGET_URL. Malicious content on a target page could attempt to subvert the agent's instructions.
  - Ingestion points: Web content from TARGET_URL is read during navigation and inspection steps (SKILL.md, steps/step-01-connect.md).
  - Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands found within the web content.
  - Capability inventory: The skill can execute Bash commands for directory creation and use the Write tool for generating reports and saving screenshots (steps/step-05-report.md).
  - Sanitization: No explicit sanitization or validation of the ingested web content or resulting identifiers is performed before use in file operations or reports.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute mkdir -p commands. These commands use the OUT_DIR variable, which is derived from user-provided arguments. This could potentially lead to directory traversal or unintended command execution if the input is not strictly validated by the agent.
Audit Metadata