webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill navigates to user-provided URLs and extracts text content, creating an indirect prompt injection surface.\n
- Ingestion points:
scripts/playwright_runner.py(extracts title and element text from remote pages).\n - Boundary markers: Absent. Content is returned in structured JSON but without delimiters warning the LLM about untrusted content.\n
- Capability inventory: The skill allows powerful tools including
Bash,Write, andEditas defined inSKILL.md.\n - Sanitization: Absent. Data from external sites is processed without escaping or validation.\n- External Downloads (SAFE): The skill recommends installing
playwrightand its browser binaries. Since these are maintained by a trusted organization (Microsoft), the risk is minimal and appropriate for the skill's stated purpose.\n- Data Exposure (SAFE): Screenshots are saved to the system's temporary directory (tempfile.gettempdir()), which is standard practice for ephemeral test data.
Audit Metadata