localhost-screenshots
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Instructions in references/playwright-patterns.md direct the agent to execute a command with sudo (sudo npx playwright install-deps chromium) to install system dependencies, which grants the process elevated privileges.
- [COMMAND_EXECUTION]: The skill utilizes node -e in SKILL.md and references/playwright-patterns.md to execute JavaScript code directly from strings, bypassing file-based code analysis through dynamic execution of template-based logic.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it navigates to and processes content from potentially untrusted local or remote URLs.
  1. Ingestion points: page.goto() calls in SKILL.md, references/playwright-patterns.md, and references/ai-snapshots.md.
  2. Boundary markers: Absent; no instructions are provided to ignore or delimit embedded instructions in the captured pages.
  3. Capability inventory: Use of child_process.exec for serving and building sites, fs.writeFileSync for saving screenshots and metadata, and npx for package installation across multiple reference files.
  4. Sanitization: Absent; the skill does not sanitize or filter the content of the pages before processing or taking snapshots.
Recommendations
- AI detected serious security threats
Audit Metadata