Skills
skills/proffesor-for-testing/agentic-qe/qe-browser/Gen Agent Trust Hub

qe-browser

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [PRIVILEGE_ESCALATION]: The skill's documentation in SKILL.md provides a workaround for Linux ARM64 platforms that requires the use of sudo to install system packages (sudo apt-get update and sudo apt-get install -y chromium chromium-driver).- [COMMAND_EXECUTION]: The skill's primary helper scripts (assert.js, batch.js, visual-diff.js, etc.) use node:child_process.spawnSync to execute the vibium CLI and other utilities like jq and node. User-provided inputs such as CSS selectors and action steps are passed as arguments to these sub-processes.- [REMOTE_CODE_EXECUTION]: The skill uses vibium eval and vibium eval --stdin to execute JavaScript code within the target browser's execution environment. While used for legitimate assertions and page analysis, this capability allows for the execution of arbitrary logic within the context of any navigated web page.- [EXTERNAL_DOWNLOADS]: The vibium automation engine is documented to automatically download 'Chrome for Testing' on its first invocation. Furthermore, the skill relies on external dependencies from npm (e.g., pixelmatch, pngjs) and suggests installing system-level packages via apt-get.- [PROMPT_INJECTION]: SKILL.md and scripts/check-injection.js contain numerous strings matching common prompt injection patterns (e.g., 'ignore previous instructions', 'system prompt leak'). These appear to be descriptive labels and detection patterns for the skill's scanner rather than malicious attempts to override the agent's behavior.- [DATA_EXFILTRATION]: The skill includes functionality to capture screenshots (visual-diff.js) and export browser storage state (cookies, local storage) to files on disk (e.g., .aqe/auth/myapp.json). These tools could be used to harvest sensitive data from authenticated web sessions.- [CREDENTIALS_UNSAFE]: The skill documentation provides examples of saving and restoring authentication state (vibium storage) to local files, which may contain session tokens or other sensitive credentials in plain text if not properly managed by the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 26, 2026, 10:35 PM