pwa-user-simulation
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its interaction with untrusted external web content.\n
- Ingestion points: The agent ingests data from external web pages via
browser_snapshot(Playwright MCP),take_snapshot(Chrome DevTools MCP), and visual screenshots.\n - Boundary markers: There are no explicit instructions or delimiters provided to separate the skill's operational instructions from the content of the pages being audited.\n
- Capability inventory: The agent has capabilities to navigate (
browser_navigate), interact with elements (browser_click,browser_type,fill), and execute code (evaluate_script).\n - Sanitization: No sanitization or filtering of the retrieved page content is implemented before the agent processes it for analysis.\n- [COMMAND_EXECUTION]: The skill provides structured instructions for the agent to execute browser automation commands through the Playwright and Chrome DevTools MCP servers.\n- [REMOTE_CODE_EXECUTION]: The skill leverages the
evaluate_scripttool to execute dynamic JavaScript within the browser context of the target application, which is used to gather performance and Core Web Vitals data.
Audit Metadata