momentic-test
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions allow the agent to create and execute JAVASCRIPT steps for complex browser interactions that native steps cannot handle. This capability allows for the generation and runtime execution of arbitrary script content within the target browser environment.
- [COMMAND_EXECUTION]: The skill makes extensive use of the momentic_* MCP tools to manage the file system, navigate browsers, and manipulate test configurations. It uses CLI-style command strings to interface with these tools.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external websites to determine its next steps.
  - Ingestion points: UI-state snapshots and screenshot artifacts retrieved via momentic_get_session_state and other preview/run tools, which are then read into the agent's context.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings when processing text content extracted from the browser state.
  - Capability inventory: The skill possesses the ability to navigate to arbitrary URLs, interact with UI elements, and execute custom JavaScript code.
  - Sanitization: No explicit sanitization or validation of data retrieved from web pages is described before the agent uses that data to refine element descriptions or make execution decisions.
Audit Metadata