ui-test

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute system commands including node for test management and ffmpeg for video generation from screenshots.
  • [PROMPT_INJECTION]: The skill relies on translating user-provided natural language into executable actions, creating a surface for indirect prompt injection.
    • Ingestion points: User-defined test steps in SKILL.md and ui-test.js via the add-step or set-steps commands.
    • Boundary markers: None; steps are interpreted directly as intent for the browser tool.
    • Capability inventory: Full browser control (click, type, evaluate), file system writes, and shell command execution.
    • Sanitization: No validation or escaping of user input before interpretation.
  • [PROMPT_INJECTION]: The script scripts/ui-test.js generates Playwright code by interpolating user input directly into template strings without escaping. A crafted test step (e.g., containing single quotes) could inject arbitrary TypeScript code into the exported test files.
  • [DATA_EXFILTRATION]: The skill's automated screenshot and video generation features may capture and expose sensitive information (credentials, tokens, or PII) displayed in the browser during test execution; the captured screenshots and videos are then transmitted to the user via the chat interface.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 08:59 PM