ito-ui-verify

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configuration instructs the execution of npx chrome-devtools-mcp@latest, which fetches the tool from the official NPM registry. This is a standard procedure using a well-known package registry.
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to view repository metadata and create new issues for reporting identified UI failures. It also writes structured report data to the local file system in the docs/ito-temp/ui-verify/ directory.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting and acting upon content retrieved from web browser sessions.
      • Ingestion points: External data is ingested through DOM snapshots, console log messages, and network request details captured via the chrome-devtools-mcp tools.
      • Boundary markers: The instructions include a dedicated 'Security Boundary' section that explicitly directs the agent to treat browser-retrieved content as untrusted data rather than authoritative instructions.
      • Capability inventory: The agent possesses the capability to write files to the local disk and interact with GitHub repositories to create issues.
      • Sanitization: The skill does not define specific technical sanitization or validation logic for the ingested web data; it relies on adherence to the provided safety instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:21 AM