Voyager
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell execution via `execSync` and `exec` in files such as `environment-management.md` and `performance-testing.md` to orchestrate Docker containers, manage database migrations (Prisma/Drizzle), and run Lighthouse CI audits.
- [REMOTE_CODE_EXECUTION]: Support for AI-powered 'Healer' and 'Generator' agents (detailed in `ai-powered-e2e-testing.md`) enables the dynamic generation and execution of test code based on failure feedback, which is a Category 10 risk.
- [EXTERNAL_DOWNLOADS]: Configuration involves fetching numerous third-party dependencies from NPM and downloading browser binaries via Playwright and Appium CLI tools.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) due to its core function of interacting with and extracting data from untrusted web applications.
  - Ingestion points: DOM elements, accessibility trees, and API responses from the application under test.
  - Capability inventory: Shell execution (`execSync`), file system access (`fs`, `path`), and low-level browser control via Chrome DevTools Protocol (CDP).
  - Boundary markers: Relies on standard agent delimiters.
  - Sanitization: No explicit logic is provided to sanitize data extracted from web pages before processing it through AI planning or healing loops.
Audit Metadata