web-auth
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from external websites, creating a surface for indirect prompt injection attacks. It mitigates this by instructing the agent to treat data within `[PAGE_CONTENT: ...]` delimiters as non-authoritative and warning against executing commands found in web content.
  - Ingestion points: Web page content processed by the agent during authentication or verification flows.
  - Boundary markers: Uses `[PAGE_CONTENT: ...]` delimiters to isolate untrusted data.
  - Capability inventory: The skill uses `web-ctl.js` to control browser sessions, navigate URLs, and perform snapshots via Playwright.
  - Sanitization: Includes explicit instructions for the agent to disregard instructions or commands embedded within the fetched page text.
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (`web-ctl.js`) to manage browser sessions and authentication flows. It includes security guidance for the agent to use proper shell quoting for URLs to prevent shell glob expansion or command backgrounding.
- [EXTERNAL_DOWNLOADS]: The skill may trigger the installation of the Playwright browser automation library and Chromium browser binaries if they are not already present on the system. These are well-known and trusted developer tools.
Audit Metadata