browser-preview
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow where the agent scans user-controlled workspace files (such as `package.json`, `index.html`, `app.py`) to discover projects. These files serve as ingestion points for untrusted data that could contain malicious instructions designed to influence the parameters of the `preview_serve` tool or the agent's subsequent responses. No explicit sanitization or boundary markers for this untrusted content are defined in the instructions.
- [COMMAND_EXECUTION]: The agent is instructed to execute system commands including `curl` for server-side port diagnostics on `localhost` and `find` for workspace discovery. These commands are scoped to the internal environment and used for legitimate diagnostic purposes.
- [DATA_EXFILTRATION]: The skill accesses internal state files located at `/data/previews.json` and `/data/preview_history.json`. These files contain metadata about running services and historical preview activity within the platform's infrastructure, rather than sensitive user credentials or external data.
Audit Metadata