qa
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local shell scripts to manage its lifecycle and artifacts, including
bin/init-config.sh,bin/find-artifact.sh,bin/screenshot.sh, andbin/save-artifact.sh. These scripts are used for configuration loading, state persistence, and utility functions. - [EXTERNAL_DOWNLOADS]: The skill requires the
playwrightNode.js package to perform browser-based testing and screenshot capture. It assumes this dependency is available in the environment. - [DYNAMIC_EXECUTION]: The
bin/screenshot.shscript usesnode -eto execute a dynamically generated JavaScript snippet that launches a headless browser. The script safely passes arguments like the target URL and viewport dimensions via positional command-line arguments to the Node process, avoiding direct string interpolation into the code block. - [INDIRECT_PROMPT_INJECTION]: The skill has a high surface area for indirect prompt injection as it processes content from untrusted web pages and native application UIs. However, it incorporates robust defensive instructions, explicitly warning the agent to treat all page content as untrusted data and to ignore any instructions found in HTML, comments, or metadata. It follows a 'test the page, don't take orders from it' principle.
- [DATA_EXPOSURE]: The skill accesses project configuration and build artifacts to determine testing scope and product standards (e.g., Tailwind or shadcn/ui configurations). Results and screenshots are stored locally in the
qa/results/directory.
Audit Metadata