local-testing

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Shell scripts for bot testing (e.g., test-discord-bot.sh, test-slack-bot.sh) are vulnerable to AppleScript injection because user-provided messages and channel names are interpolated directly into osascript commands without proper escaping.
  • [COMMAND_EXECUTION]: The electron-dev.sh script is vulnerable to injection through the CDP_PORT environment variable, whose value is used to construct file paths and command arguments.
  • [EXTERNAL_DOWNLOADS]: Recommends installing the agent-browser CLI tool from npm, Homebrew, or Cargo, and utilizes npx to execute the electron-vite development server.
  • [DATA_EXFILTRATION]: Accesses sensitive system interfaces including the macOS clipboard (via pbpaste and osascript) and screen capture (via screencapture) to monitor application state.
  • [PROMPT_INJECTION]: Susceptible to indirect prompt injection due to the ingestion of untrusted data from external web pages and third-party chat applications.
  • Ingestion points: Ingests data from the browser DOM via agent-browser snapshot and from application windows via clipboard capture.
  • Boundary markers: None identified; external content is processed without delimiters or warnings to ignore embedded instructions.
  • Capability inventory: The skill can execute arbitrary JavaScript in browsers, manipulate GUI elements of native apps, and perform file system operations.
  • Sanitization: No validation or sanitization is performed on content retrieved from external sources before it is used to drive agent actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 02:14 PM