qa
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it interacts with untrusted external data during web application testing.\n
- Ingestion points: The skill uses the
browsetool to visit target URLs and extract data including DOM snapshots, links, and browser console errors (found inSKILL.mdPhases 3 and 4).\n - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions that might be embedded within the content of the websites being tested.\n
- Capability inventory: The skill utilizes
Bash,Read, andWritetools to manage test reports and screenshots on the local filesystem.\n - Sanitization: No sanitization or filtering logic is specified for the data retrieved from external web applications.\n- [DATA_EXFILTRATION]: The skill logic involves handling sensitive authentication information. It includes instructions for importing session cookies from a local
cookies.jsonfile and entering user credentials into login forms (Phase 2). Although the skill explicitly mandates redacting passwords from reports, the capability to read and use these secrets poses a risk of accidental data exposure.
Audit Metadata