troubleshoot
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data such as logs, stack traces, and source code during the reproduction and investigation phases. Malicious instructions embedded in these files could potentially influence agent behavior.\n
- Ingestion points: Phase 1 (logs, stack traces) and Phase 3 (source code).\n
- Boundary markers: Absent. No specific markers or instructions are provided to distinguish between data and instructions.\n
- Capability inventory: Includes powerful tools such as Bash for shell command execution, Edit and Write for filesystem modifications, and agent-browser for web interaction.\n
- Sanitization: Absent. No validation or filtering is mentioned for external content.\n- [CREDENTIALS_UNSAFE]: The skill encourages the storage of sensitive authentication data, such as session cookies and localStorage, to the local filesystem using the agent-browser state save command. Although it suggests using encryption and .gitignore, local persistence of credentials increases the risk of accidental exposure.\n- [COMMAND_EXECUTION]: The skill performs automated command execution using the Bash tool to run reproduction steps, build processes, and tests. These commands are often derived from project-specific files like package.json, which could be manipulated.
Audit Metadata