frontend-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructions promote the use of scripts/with_server.py to execute arbitrary shell commands provided as string arguments (e.g., --server 'npm run dev'). This allows for the execution of any system command on the host.
- PROMPT_INJECTION (HIGH): The 'Reconnaissance-Then-Action' workflow creates a high risk of indirect prompt injection. Ingestion points: The skill utilizes browser automation tools like browser_evaluate to inspect untrusted external websites. Boundary markers: None; the agent is directed to act directly based on its observations of external content. Capability inventory: Local shell execution is available via the bundled with_server.py script. Sanitization: No sanitization is performed on data retrieved from external websites before it influences agent decisions or is used as input for command execution.
Recommendations
- AI detected serious security threats
Audit Metadata