authenticating
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Playwright for complex browser automation, specifically simulating natural human behavioral biometrics (e.g., Bezier-curve mouse movements, variable typing delays, and acceleration-based scrolling) to evade security detection systems.
- [REMOTE_CODE_EXECUTION]: Employs dynamic JavaScript injection within the browser context (
playwright_run_code) to perform status code spoofing and intercept authentication responses, allowing for the simulation of successful 2FA bypasses. - [CREDENTIALS_UNSAFE]: Includes a 'CredentialManager' utility that stores usernames, passwords, and 2FA secrets in a local hidden file (
.credentials). Although it attempts to manage file permissions and gitignore entries, storing plaintext credentials locally is a significant risk. - [EXTERNAL_DOWNLOADS]: Recommends installing multiple external dependencies for browser control, IMAP email access, and OCR-based CAPTCHA solving, including
playwright,imap, andtesseract.js. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it navigates to and analyzes form requirements from untrusted external websites. Ingestion points: Web form analysis (
SKILL.md); Capability inventory: Subprocess calls via Playwright, IMAP network operations, and file-write operations; Sanitization: No explicit sanitization or boundary markers are documented for processed web content.
Audit Metadata