visual-companion

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages a local Node.js server lifecycle using shell scripts (start-server.sh, stop-server.sh) and a core server script (server.cjs). It correctly implements process monitoring, background execution using nohup and disown, and graceful shutdown procedures.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) by design. \n
  • Ingestion points: Data from the user's browser (clicks, selected choices, and form field values) is captured by helper.js, transmitted via WebSocket or HTTP to server.cjs, and stored in a local events file. This data is then consumed by the agent using wait-for-event.cjs. \n
  • Boundary markers: The instructions do not specify any boundary markers or instructions for the agent to treat the data retrieved from browser events as untrusted or to ignore embedded commands. \n
  • Capability inventory: The skill is configured with Bash, Read, and Write tools, which gives the agent significant capabilities should it be misled by injected instructions in the event data. \n
  • Sanitization: There is no evidence of sanitization or validation of the text or values returned from the browser-based forms before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — visual-companion