web-browser-review

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands to start the application server (e.g., 'npm run dev') based on the project's package.json. This is standard developer workflow automation and necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external web content and console logs to determine code changes. While this presents a theoretical risk if malicious websites are audited, it is the core functionality of a visual QA automation tool.
      • Ingestion points: Output from the headless browser reflecting the state of the target web application (SKILL.md).
      • Boundary markers: None identified; the agent is instructed to treat all browser output as data for identifying and fixing issues (SKILL.md).
      • Capability inventory: The skill has permissions to modify local source code files and execute predefined project scripts (SKILL.md).
      • Sanitization: There is no explicit sanitization of browser data before it is interpolated into the agent's decision-making process for code modification (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 12:54 PM