dogfood
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
Bashto execute several commands includingmkdirandcpfor environment setup, andagent-browserfor web interaction. These are standard operations for a testing agent and are directed towards local file management and browser automation. - [PROMPT_INJECTION]: The skill is inherently susceptible to Indirect Prompt Injection (Category 8) because its primary function is to ingest and process content from untrusted external web applications.
- Ingestion points: The agent reads external data through
agent-browser snapshot -i(DOM content),agent-browser console, andagent-browser errors(browser logs). - Boundary markers: There are no specific delimiters or system-level instructions provided in the skill to ensure the agent ignores or sanitizes instructions that might be embedded in the target website's HTML or JavaScript console.
- Capability inventory: The skill possesses the ability to execute shell commands, perform filesystem writes (reports and media), and maintain persistent browser sessions.
- Sanitization: No validation or sanitization is performed on the ingested DOM or console data before the agent evaluates it for testing purposes.
Audit Metadata