skills/garagon/nanostack/qa/Gen Agent Trust Hub

qa

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill includes documentation on how to identify and ignore prompt injection attempts found in external content. While these patterns (e.g., 'ignore previous instructions') were detected by static analysis, they are correctly implemented as defensive safety rules for the agent rather than malicious instructions.
  • [COMMAND_EXECUTION]: The skill utilizes utility scripts and standard tools (Playwright, curl, httpie) to perform its intended QA functions. The bin/screenshot.sh script safely handles arguments when invoking Node.js for browser automation and creates output directories locally.
  • [DATA_EXFILTRATION]: The skill is designed to interact with local or staging environments for testing purposes. It contains explicit instructions for the agent to avoid testing in production and to scope URL visits to the project under test to prevent data leakage.
  • [SAFE]: The skill possesses an indirect prompt injection attack surface as it processes untrusted web and UI content. However, it implements robust defensive measures:
    • Ingestion points: Untrusted browser content (Playwright), UI text (Computer use), and API responses (curl/httpie) referenced in SKILL.md.
    • Boundary markers: Explicit 'Prompt injection boundary' section with five specific rules to prevent obedience to external content.
    • Capability inventory: File system writes (qa/results) and subprocess execution (node) in bin/screenshot.sh, and network access (browser/API) in SKILL.md.
    • Sanitization: Clear instructions to treat all external content strictly as test data for findings and screenshots, explicitly forbidding it from becoming agent instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 06:46 AM
Security Audit — agent-trust-hub — qa