webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates Indirect Prompt Injection through the processing of untrusted web content.
  - Ingestion points: Data enters the agent context via `page.content()`, `page.locator().all()`, and event listeners like `page.on('console', ...)` and `page.on('request', ...)`.
  - Boundary markers: There are no explicit instructions or delimiters used to separate untrusted web content from the agent's core instructions.
  - Capability inventory: The agent possesses the capability to execute Python/Node.js scripts, perform network requests via the browser, and write files to the local system (e.g., screenshots to `/tmp/`).
  - Sanitization: The skill lacks sanitization or filtering of the content retrieved from the browser before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill's primary operational mode involves the dynamic generation and execution of Playwright scripts based on the rendered state of a web application. This pattern of 'Reconnaissance-then-action' encourages the agent to assemble and run code at runtime to interact with discovered DOM elements.
Audit Metadata