reality-checker

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local shell script './qa-playwright-capture.sh' in SKILL.md. This script is not provided for security review, and its execution could result in arbitrary code execution if the script contains malicious logic.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from project source files and test result documents which could be manipulated by an attacker to influence the agent's behavior.
      • Ingestion points: 'resources/views/', '.html', '.css', '*.blade.php', and 'public/qa-screenshots/test-results.json' (referenced in SKILL.md).
      • Boundary markers: Absent. There are no instructions to the agent to disregard instructions embedded within these files.
      • Capability inventory: Execution of shell commands including 'ls', 'grep', and the script './qa-playwright-capture.sh' (referenced in SKILL.md).
      • Sanitization: Absent. The content of the files is processed directly without validation or escaping.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 29, 2026, 02:51 PM