sg-visual-discover

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate repository introspection and UI mapping for the purpose of generating test configurations. All identified operations are confined to the local project environment.
  • [COMMAND_EXECUTION]: Executes Git commands (e.g., git rev-parse, git show-ref) to analyze local repository state and determine which files have changed for scope detection.
  • [COMMAND_EXECUTION]: Utilizes a browser automation agent to perform interactive UI exploration, including taking snapshots and screenshots of the local development application.
  • [DATA_EXFILTRATION]: Accesses local project documentation and configuration templates (e.g., README.md, CLAUDE.md, .env.example) to identify development-level credentials for use in the generated test manifests. This data is stored in local configuration files and is not transmitted externally.
  • [PROMPT_INJECTION]: The skill ingests local source code and project files to inform the structure of generated test steps. This interaction with local data is essential for the tool's primary function of mirroring the UI navigation tree.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 01:36 PM