web-audit
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a shell command template `npx lighthouse {URL}`. If the `{URL}` parameter is populated with unsanitized user input, an attacker could use shell metacharacters such as `;` or `&&` to execute unauthorized commands on the host environment.
- [EXTERNAL_DOWNLOADS]: Fetches and runs Google's Lighthouse utility via `npx` at runtime. The skill also utilizes the `@axe-core/playwright` and `playwright` libraries for accessibility testing and browser automation. These are well-known tools from trusted organizations (Google, Deque Systems, and Microsoft).
- [PROMPT_INJECTION]: The skill processes untrusted data from external websites, creating an indirect prompt injection surface where malicious site content could influence the agent's summary reports or subsequent decisions. Evidence Chain:
  1. Ingestion points: Fetches content from external URLs via Lighthouse and Playwright.
  2. Boundary markers: No markers are defined to separate external content from the agent's instructions.
  3. Capability inventory: Subprocess execution (`npx`), file system writes (`qa-reports/`), and network access.
  4. Sanitization: No explicit sanitization or validation of the URL or website content is implemented in the instruction set.
Audit Metadata