task
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE; PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: User input (Phase 1), local source code (Phase 1), and external documentation via mcp__context7__query-docs (Phase 1). Boundary markers: Not explicitly defined; relies on instruction self-checks. Capability inventory: File system modifications (Edit, Write), shell execution (pnpm, kill-port), browser automation (agent-browser), and version control (git push). Sanitization: None described.
- [DATA_EXFILTRATION]: The skill manages sensitive authentication tokens by saving browser state to local files such as auth.json. While it provides guidance to exclude these from version control, the storage of session data on the local filesystem represents a potential data exposure risk.
- [COMMAND_EXECUTION]: The workflow triggers shell command execution for standard development operations, including pnpm commands for linting and testing, and kill-port for process management.