webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run
npm run devandnpx playwright test. These commands execute scripts defined in the local environment's configuration files, which is standard for development but technically allows for arbitrary command execution if the local configuration is compromised.- [EXTERNAL_DOWNLOADS] (LOW): The use ofnpxcan trigger downloads of packages from the npm registry if they are not already installed locally. While expected for Playwright, this involves external network dependency resolution.- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes data from external, potentially untrusted sources (web applications). - Ingestion points: Browser logs and UI element descriptions accessed via Playwright.
- Boundary markers: None provided in the instructions to distinguish application data from agent instructions.
- Capability inventory: Ability to execute shell commands (
npm,npx) and interact with the local file system (screenshots, logs). - Sanitization: No evidence of sanitization or escaping for the data read from the browser.
Audit Metadata