visual-diff

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content (text, attributes, structure) from third-party websites.
      • Ingestion points: Content from user-provided URLs is loaded into the browser and analyzed by the vet-investigation subagent.
      • Boundary markers: No explicit delimiters or isolation instructions are provided in the subagent delegation prompts to distinguish page content from agent logic.
      • Capability inventory: The skill has capabilities for shell command execution (bash, curl, npx, kill, pkill), browser control (CDP), and workspace file manipulation.
      • Sanitization: There is no evidence of sanitization or filtering for the data extracted from target web pages before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx --yes serve to host content exported from Figma. The serve package is a well-known utility provided by Vercel (a well-known service).
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 03:09 AM