dogfood
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Interaction with External Web Content:
- The skill is designed to navigate to and interact with external websites provided by the user. Content from these sites (DOM snapshots and console logs) is ingested to guide the agent's actions.
- Context: While this is the core function of an automated tester, processing untrusted web content is a known surface for indirect prompt injection. The skill relies on the agent's internal safety protocols when interpreting site data.
- Credential and Session Management:
- To test protected features, the skill accepts user credentials and uses the
agent-browsertool to save session state (such as cookies) to a local file (auth-state.json). - Context: Storing session data locally allows for persistent testing across sessions. Users should ensure the output directory is secured, as it may contain sensitive authentication tokens.
- Automated Browser Tooling:
- The skill utilizes a specialized
agent-browserbinary to perform actions like clicking, filling forms, and recording video. - Context: These operations are executed via the command line and are necessary for reproducing technical issues found during testing.
Audit Metadata