Ark Dashboard and UI Testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted data from the Ark Dashboard UI.
  1. Ingestion points: External content retrieved via browser_navigate and browser_take_screenshot.
  2. Boundary markers: Absent; the agent is not instructed to ignore embedded instructions.
  3. Capability inventory: High-privilege access including kubectl cluster commands, git push, and gh api for repository modification.
  4. Sanitization: Absent; external data is used directly in Pull Request updates.
- Command Execution (MEDIUM): The skill executes sensitive shell commands such as kubectl port-forward and gh api. These tools could be abused if the agent's logic is overridden by instructions embedded in the dashboard UI.
- Data Exfiltration (MEDIUM): The automated workflow for pushing screenshots to a 'scratch' repository provides a clear path for data exfiltration. An attacker could influence the agent to upload sensitive local files or secrets to GitHub by manipulating the target of the git operations.
Recommendations
- AI detected serious security threats
Audit Metadata