visual-qa
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes visual data from external web pages that could contain malicious instructions designed to manipulate the agent's behavior.
- Ingestion points: Browser screenshots of web pages captured from URLs provided in arguments or inferred from git state.
- Boundary markers: No boundary markers or specific 'ignore' instructions are provided to the agent to distinguish between the skill's operational logic and text captured within the screenshots.
- Capability inventory: The skill possesses the ability to execute shell commands via `agent-browser` and `Bash` to start development servers and interact with the local file system.
- Sanitization: Visual content captured from web pages is not sanitized or filtered before analysis by the model.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx` to execute the `agent-browser` tool, which may involve downloading the package from the NPM registry at runtime if it is not already present in the environment.