webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentatio n in structs the user to in stall 'playwrigh t' and it s browser binarie s. Since Playwrigh t is main tained by Micro sof t, a trusted organizatio n, this fin ding is dow n grade d per [TRUST-SCOPE-RULE].
- PROMPT_INJECTION (LOW): The skill exhibit s a surface for in direct prom pt in jection by fetc hing and analy zing conten t from arbitrar y externa l UR Ls. Evidence Chain: (1) In gestion poin t s: 'scrip ts/playwrigh t_runner.p y' extrac t s page title s and heading s from processe d UR Ls. (2) Boun dary marker s: Absen t. (3) Capability in ventor y: The skill is allowed Bash, Write, and Edit tool s. (4) Sanitizatio n: Absen t.
Audit Metadata