go
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to retrieve login credentials from sensitive local files like
.env.localor the project's secrets manager. This creates a risk of exposing sensitive authentication data to the agent's context.\n- [PROMPT_INJECTION]: The skill involves the agent reading and interpreting content from a browser (HTML, console logs, network responses), which is a surface for indirect prompt injection attacks.\n - Ingestion points: Browser tool output (e.g., Chrome extension, Playwright, next-devtools) as described in
SKILL.md.\n - Boundary markers: None; there are no instructions to delimit or ignore instructions within the browser content.\n
- Capability inventory: File system access for secrets, browser automation execution, and network/console log interpretation.\n
- Sanitization: Not specified for the web content being processed.
Audit Metadata