adversarial-ux-test
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes roleplay instructions, directing the agent to 'fully inhabit' an 'adversarial persona' and be 'genuinely mean'. While intended for the purpose of finding UX flaws, this is a persona-based instruction that guides agent behavior through specific role-playing constraints.\n- [COMMAND_EXECUTION]: The instructions require the agent to use browser tools to navigate and interact with web applications, staging sites, and project documentation (SKILL.md).\n- [DATA_EXFILTRATION]: The skill captures screenshots and browser console logs from external websites and staging environments to generate reports and tickets. This involves processing potentially sensitive UI and technical data from external sources.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:\n
- Ingestion points: The skill ingests data from external URLs, project documentation, and web pages (SKILL.md).\n
- Boundary markers: Absent. The skill does not specify delimiters or instructions to ignore embedded commands within the external content being tested.\n
- Capability inventory: Uses browser tools for navigation, takes screenshots, and performs ticket creation (implies write/API capabilities).\n
- Sanitization: No validation or sanitization is mentioned for the content retrieved from external sites or documents.
Audit Metadata