screenshots
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage files and state, including `git diff`, `git restore`, `mkdir`, `rm`, `curl`, and `playwright-cli`.
- [REMOTE_CODE_EXECUTION]: The skill follows a dynamic execution pattern (Category 10) by generating a temporary TypeScript file (`e2e/tmp-screenshots.e2e.ts`) derived from the `$ARGUMENTS` parameter and executing it via `playwright-cli test`. This involves running agent-generated code at runtime.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from `$ARGUMENTS` and uses it to construct executable test scripts.
  - Ingestion points: Custom instructions provided in the `$ARGUMENTS` parameter (SKILL.md).
  - Boundary markers: Absent; the instructions are directly translated into test logic without delimiters or warnings.
  - Capability inventory: The skill can write files, execute shell commands, and run Playwright tests which have full access to the browser and potentially local network resources.
  - Sanitization: No sanitization or validation logic is defined for the content of the generated test script.
- [CREDENTIALS_UNSAFE]: The instructions (Steps 6a and 8b) direct the agent to analyze the project's authentication patterns and 'reuse the same approach'. This creates a risk of sensitive tokens, cookies, or credentials being extracted from the environment and placed into the temporary test files in plain text.
Audit Metadata