visual-qa
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `agent-browser` utility from the Vercel Labs official GitHub repository as a fallback mechanism for capturing web screenshots.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests 'reference packets' containing untrusted text such as annotations, overview descriptions, and UI copy, which are then interpolated into prompts for subagent reviewers. The skill effectively mitigates this risk by instructing the agent to treat this content as untrusted data for comparison purposes only and by requiring the redaction of all credentials, tokens, and sensitive information before processing.
- Ingestion points: `SKILL.md` (Step 2 and Step 3).
- Boundary markers: The instructions provide explicit warnings to disregard any instructions embedded within the reference data.
- Capability inventory: The skill dispatches review tasks to parallel subagents using standard platform tools like `task()` or `spawn_agent()`.
- Sanitization: Explicit instructions are provided for the manual redaction of sensitive content prior to review dispatch.
Audit Metadata