screengrabs
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/capture.tsimplements a dynamic code execution pattern usingawait import(resolvedPath). This is used to load and run 'pre-scripts' that the agent is instructed to write locally to handle browser interactions such as logging in or dismissing modals. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it visits untrusted external URLs and extracts text content from the page DOM. Maliciously crafted instructions within a website's content could attempt to influence the agent's subsequent actions in the PR workflow.
- [SAFE]: The skill includes robust security controls for data privacy. It features automatic redaction of sensitive patterns (e.g., OpenAI/Anthropic keys, JWTs, passwords) in
scripts/capture.tsbefore screenshots are taken, and a dedicated validation scriptscripts/validate-sensitive.tsto scan captured text for leaked credentials.
Audit Metadata