qa
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to process untrusted data from multiple external sources.
  - Ingestion points: The agent reads the accessibility tree/DOM in browser mode, takes screenshots of arbitrary applications in computer mode, and captures terminal output in CLI mode.
  - Boundary markers: The instructions do not include explicit delimiters or 'ignore' directives to prevent the agent from following malicious instructions found within the content of target applications.
  - Capability inventory: The agent has access to powerful tools including shell command execution (Bash), file system modification (Write, Edit), and UI automation (computer-use).
  - Sanitization: There is no evidence of filtering or validation for content ingested from target applications.
- [EXTERNAL_DOWNLOADS]: The skill attempts to resolve and download the browser automation utility using 'npx @team-attention/chromux' if it is not found in the local environment. This package is part of the vendor's own namespace.
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool and 'tmux' to perform environment setup, launch applications, and manage interactive terminal sessions during the testing process.
Audit Metadata