task
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: Reads local code files using Grep/Read tools and queries external documentation via Context7 during the Investigate phase.
- Boundary markers: Not specified; the skill does not instruct the agent to ignore instructions embedded in the ingested files.
- Capability inventory: The agent can execute shell commands via pnpm, interact with browsers and mobile simulators, and perform git operations.
- Sanitization: Not mentioned.
- [CREDENTIALS_UNSAFE]: The workflow describes procedures for managing browser session states and authentication credentials.
- Instructs the agent to save browser state to 'auth.json' and use 'agent-browser auth save' commands.
- Explicitly recommends security practices such as using AGENT_BROWSER_ENCRYPTION_KEY and adding session files to .gitignore.
- [COMMAND_EXECUTION]: The skill triggers the execution of shell commands through the verification process.
- Phase 4 (Verify) executes project-specific scripts including pnpm lint, pnpm test, and pnpm build, which could execute arbitrary code defined in a repository.
Audit Metadata