dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a systematic testing workflow using expected platform tools. It manages session data and output files locally within a project-specific directory.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it processes untrusted content from external web applications. This is an inherent property of web-browsing agents and is handled by platform-level safety guardrails.
- Ingestion points: Web page snapshots, screenshots, and console logs from the user-provided Target URL (SKILL.md).
- Boundary markers: No specific delimiters or "ignore" instructions are used for page content.
- Capability inventory: Interactive browser control (click, fill, navigate) and basic file system operations (mkdir, cp).
- Sanitization: Standard browser automation practices are followed without additional content filtering.
- [CREDENTIALS_UNSAFE]: The skill handles login credentials for authentication testing via placeholders ({EMAIL}, {PASSWORD}). Instructions involve entering passwords into target sites and saving session state (auth-state.json) to the local output folder, which is standard functionality for QA automation tools and does not involve hardcoded secrets.
Audit Metadata