web-testing
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted external websites.
  - Ingestion points: Untrusted data enters the agent context through browser navigation and console/network monitoring as described in SKILL.md and references/test-patterns.md.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions in web content were identified.
  - Capability inventory: The skill utilizes subprocess calls for CLI tools (npx playwright), writes files to the local system (screenshots, test scaffolding via test-scaffold.ps1), and performs network operations.
  - Sanitization: There is no evidence of sanitization for data retrieved from web pages before processing.
- [DATA_EXFILTRATION]: The skill includes examples for accessing potentially sensitive data from the browser environment.
  - Evidence: SKILL.md contains a code snippet demonstrating the extraction of user information from browser local storage (localStorage.getItem('user')). This capability, while intended for debugging, creates a surface for accessing PII or session tokens.
- [COMMAND_EXECUTION]: The skill relies on local command execution for its primary functionality.
  - Evidence: SKILL.md and scripts/test-scaffold.ps1 involve executing shell commands like 'npx playwright test' and running PowerShell scripts to generate project files.
Audit Metadata