browse
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to locate and read sensitive environment files such as .env, .env.local, and .env.development to determine the application port during its context scan phase. Accessing these files represents a potential exposure risk for any credentials or secrets stored within the environment configuration.
- [PROMPT_INJECTION]: The skill operates on untrusted data retrieved from a web application, creating an attack surface for indirect prompt injection where malicious content in the app could influence the agent's behavior.
  - Ingestion points: Data is ingested from the web application via browser snapshot, page reading, and console log tools as described in the browser setup and session phases.
  - Boundary markers: The instructions lack clear delimiters or specific guidance to the agent to treat the retrieved content as untrusted or to disregard potential instructions embedded within the application interface.
  - Capability inventory: The agent has permissions to read local files, execute git commands, and perform browser automation with interaction capabilities.
  - Sanitization: No sanitization or validation of external web content is specified before the agent processes and evaluates it.
Audit Metadata