enrich-qa-test
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it parses user-provided QA test files to extract URLs and UI element names for use in automated browser actions. A maliciously crafted test file could attempt to redirect the agent to sensitive internal resources or include instructions within element names intended to manipulate the agent's behavior.
  - Ingestion points: The skill reads and parses the content of the provided (SKILL.md, Phase 1).
  - Boundary markers: The execution instructions do not specify any delimiters or safety markers to differentiate between instructions and data within the parsed file.
  - Capability inventory: The skill utilizes browser_navigate, browser_snapshot, browser_take_screenshot, and file system write operations (if --update is used) (SKILL.md, Phase 2 & 4).
  - Sanitization: The skill description does not include steps for URL validation or sanitization of element names before they are used as parameters for browser tools.