ui-delivery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external URLs and files, creating a surface for indirect prompt injection. 1. Ingestion points:
<url-or-file-path>,<path>, and<deliverable>parameters in SKILL.md. 2. Boundary markers: Not present. 3. Capability inventory: Browser automation via playwright-cli, screenshotting, file system access, and local script execution. 4. Sanitization: Not identified in instructions. - [Dynamic Execution] (LOW): Uses
playwright-cli run-codeto execute JavaScript in a browser context. While the provided instructions use static templates for resizing the viewport, this represents a dynamic execution capability. - [Unverifiable Dependencies & Remote Code Execution] (LOW): Suggests
npx playwrightas a fallback, which involves downloading and executing a package from a public registry. Playwright is a standard tool maintained by Microsoft (a trusted organization), justifying the LOW severity under the [TRUST-SCOPE-RULE].
Audit Metadata