webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation indicates that Playwright will be installed automatically if not present, which involves fetching dependencies from the official npm registry.
- [COMMAND_EXECUTION]: The skill executes browser automation commands via Playwright to interact with local or remote web applications and performs file system writes when saving screenshots.
- Evidence:
captureScreenshotfunction intest-helper.jswrites to the local file system. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external or local web pages which may contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: The agent navigates to and reads content from URLs using
page.goto()as seen inSKILL.mdexamples. - Boundary markers: There are no explicit instructions or delimiters used to separate untrusted web content from the agent's internal logic or instructions.
- Capability inventory: The skill can perform clicks, fill form fields, and capture screenshots within the browser context, as defined in
SKILL.mdandtest-helper.js. - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from the web pages before interaction occurs.
Audit Metadata