security-visual-testing

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues or malicious intent were identified in the analyzed files. The skill appears to be a legitimate utility for quality engineering.
  • [PROMPT_INJECTION]: The skill does not contain instructions to override system prompts or bypass safety filters. It explicitly defines a security checklist for agents to follow, including URL validation.
  • [DATA_EXFILTRATION]: The skill implements robust PII detection for sensitive data (emails, credit cards, API keys) and provides masking strategies (blur, redact) before saving screenshots to prevent accidental data exposure. No evidence of unauthorized network transmission was found.
  • [REMOTE_CODE_EXECUTION]: Dependencies and tools referenced (Playwright, Semgrep, jq) are industry-standard for automated testing and security auditing. No remote script execution patterns (e.g., shell piping from remote URLs) were detected.
  • [COMMAND_EXECUTION]: The skill uses standardized CLI commands (aqe) and tools (Playwright, Semgrep) within a controlled testing environment. All executed commands are related to the skill's primary purpose of visual and security auditing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 09:40 AM