test-ui
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill's documentation for 'Testing Protected Routes' instructs users to manually copy and paste sensitive, active authentication data (such as session cookies, JWT/Bearer tokens, and localStorage keys) from their browser into the agent context. This practice facilitates the exposure of high-value credentials.
- [COMMAND_EXECUTION]: The workflow involves executing local Node.js scripts (inject-auth.js, navigate.js, screenshot.js) found in the .claude/skills/chrome-devtools/scripts directory to automate browser actions and credential injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it browses and analyzes content from arbitrary external URLs. Malicious instructions embedded in a target website could be processed by the multimodal agent, potentially leading to unauthorized actions or biased reporting.
  - Ingestion points: Content and visual elements of the target URL ($URL).
  - Boundary markers: None present; the skill lacks delimiters or instructions to ignore embedded commands in the processed web data.
  - Capability inventory: File system access, planning subagents, browser automation via Node.js, and multimodal content analysis.
  - Sanitization: No sanitization, escaping, or validation of the external web content is mentioned before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata