visual-companion
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages a local Node.js server lifecycle using shell scripts (
start-server.sh,stop-server.sh) and a core server script (server.cjs). It correctly implements process monitoring, background execution usingnohupanddisown, and graceful shutdown procedures. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) by design. \n
- Ingestion points: Data from the user's browser (clicks, selected choices, and form field values) is captured by
helper.js, transmitted via WebSocket or HTTP toserver.cjs, and stored in a localeventsfile. This data is then consumed by the agent usingwait-for-event.cjs. \n - Boundary markers: The instructions do not specify any boundary markers or instructions for the agent to treat the data retrieved from browser events as untrusted or to ignore embedded commands. \n
- Capability inventory: The skill is configured with
Bash,Read, andWritetools, which gives the agent significant capabilities should it be misled by injected instructions in the event data. \n - Sanitization: There is no evidence of sanitization or validation of the text or values returned from the browser-based forms before they are processed by the agent.
Audit Metadata