page-test
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run `npm run build` and `npm run dev` to compile assets. This allows for the execution of arbitrary scripts defined in the local project's `package.json` file.
- [REMOTE_CODE_EXECUTION]: By directing the agent to run `npm install`, the skill triggers the download and execution of external packages. This can lead to remote code execution through malicious lifecycle scripts (e.g., preinstall, postinstall) found in unverified dependencies.
- [CREDENTIALS_UNSAFE]: The agent is explicitly told to search for and read sensitive files, including `.env`, `.env.example`, and `docker-compose.yml`. This is intended for port discovery (e.g., APP_PORT, VITE_PORT) but risks exposing secrets or other sensitive environment variables to the model context.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of third-party software via npm without a mechanism to verify the integrity or safety of the project's dependency manifest before installation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external content.
- Ingestion points: The agent navigates to arbitrary URLs, reads web page snapshots, captures console logs, and inspects network requests.
- Boundary markers: No delimiters or safety instructions are provided to prevent the agent from following malicious commands embedded in page text or console output.
- Capability inventory: The skill utilizes file system access (reading configuration), command execution (npm/build tools), and browser interaction tools.
- Sanitization: There is no evidence of data sanitization or filtering applied to the content retrieved by Playwright before it is analyzed by the agent.
Audit Metadata