design-compliance
Fail
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes hardcoded plaintext credentials (username: apvhn, password: apvhn) in SKILL.md intended for automated login to the application being audited. This exposes static credentials within the agent's instructions.
- [COMMAND_EXECUTION]: The skill utilizes a headless browser (Playwright) to perform visual inspections. This involves navigating to local or remote URLs, probing network ports (5173, 5174, 3000, 8080), and executing JavaScript within the browser context to manipulate the page state (e.g., toggling dark mode). These operations are performed autonomously without human intervention.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from local source files, router configurations, and external documentation. There are no boundary markers or sanitization steps to prevent malicious instructions embedded in the audited code from hijacking the autonomous 'auto-fix' process, which possesses file-write capabilities across the component tree.
- [REMOTE_CODE_EXECUTION]: The skill fetches and processes documentation content from the PrimeVue official website to guide its code modification logic. While targeting a well-known service, the dynamic integration of external content into the agent's decision-making process for automated file edits presents a risk factor.
Recommendations
- AI detected serious security threats
Audit Metadata