record-promo
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to manage the recording workflow, including starting a development server, running a dynamically generated Node.js script, and using FFmpeg for video processing and thumbnail extraction. It also uses
chmod +xto ensure internal scripts are executable. - [EXTERNAL_DOWNLOADS]: The skill checks for and installs the
@playwright/testpackage and the Chromium browser vianpmandnpxif they are not already present. These are industry-standard tools from a well-known source. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because its core functionality depends on reading and analyzing project source code to generate automation logic. 1. Ingestion points: The agent reads files such as
GameScene.js,EventBus.js, andConstants.js. 2. Boundary markers: No delimiters or warnings are used when reading these files. 3. Capability inventory: The skill has the ability to execute shell commands, install software packages, and write files to the local disk. 4. Sanitization: No validation or sanitization of the source code content is performed before it is used to influence the generated script logic.
Audit Metadata