browser-preview

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests data from external sources which could potentially be manipulated to influence agent behavior.
      • Ingestion points: Reads JSON content from /data/previews.json and /data/preview_history.json, and scans the workspace for files using the find command (SKILL.md).
      • Boundary markers: Absent. The agent is not instructed to isolate or treat data from these files as untrusted.
      • Capability inventory: The agent uses cat, curl, find, and the preview_serve and preview_stop tools (SKILL.md).
      • Sanitization: Absent. There is no mention of validating or escaping data retrieved from the file system or configuration files before use in subsequent commands or tool calls.
  • [COMMAND_EXECUTION]: Diagnostic Shell Commands. The skill utilizes local shell commands for system discovery and diagnostics.
      • Evidence: Instructs the use of cat to read history and registry files, and curl to verify that local services are responding on specific ports (SKILL.md). These operations are restricted to the local environment and intended for troubleshooting.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 07:50 AM