mobile-browser-workflow-orchestrator

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to collect user passwords and store them in plaintext in the /workflows/mobile-config.json file. Storing secrets in plaintext, without encryption or the use of environment variables, is an unsafe practice.
  • [DATA_EXFILTRATION]: While no explicit external exfiltration was detected, the storage of plaintext credentials in a predictable local path (/workflows/mobile-config.json) significantly increases the risk of data exposure if other processes or users access the filesystem.
  • [COMMAND_EXECUTION]: The orchestrator generates executable scripts (Playwright tests) and suggests running them via the command line using npx playwright test. It also has the capability to 'apply fixes to codebase', which involves automated writing to source files based on AI analysis.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its web exploration and auditing phases.
      • Ingestion points: The skill navigates to and processes content from user-provided URLs during Phase 1 (Exploration) and Phase 2 (UX Audit).
      • Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions embedded in the HTML of the target sites.
      • Capability inventory: The agent has extensive capabilities including writing configuration files, generating test scripts, and modifying the application's source code.
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external websites before it is used to influence code generation or file modifications.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 26, 2026, 06:31 AM