user-testing
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to work with Playwright MCP tools (`browser_navigate`, `browser_click`, `browser_type`, `browser_snapshot`, `browser_take_screenshot`). While essential for the skill's purpose, these tools grant the agent extensive control over the browser session.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because its core function involves navigating to and processing content from arbitrary URLs provided at runtime.
  - Ingestion points: External content enters the agent's context through the `browser_navigate` and `browser_snapshot` tools as defined in the testing workflows.
  - Boundary markers: The skill lacks explicit instructions or system-level delimiters to distinguish between the testing instructions and potentially malicious content embedded in the target web pages.
  - Capability inventory: The agent possesses full browser automation capabilities (click, type, navigate) which could be misused if influenced by a malicious site.
  - Sanitization: No sanitization or safety-filtering is applied to the text retrieved from target websites before the agent processes it for narration and reporting.
Audit Metadata